2 * Routines for dtls dissection
3 * Copyright (c) 2006, Authesserre Samuel <sauthess@gmail.com>
4 * Copyright (c) 2007, Mikael Magnusson <mikma@users.sourceforge.net>
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 * DTLS dissection and decryption.
28 * See RFC 4347 for details about DTLS specs.
31 * This dissector is based on the TLS dissector (packet-ssl.c); Because of the similarity
32 * of DTLS and TLS, decryption works like TLS with RSA key exchange.
33 * This dissector uses the sames things (file, libraries) as the SSL dissector (gnutls, packet-ssl-utils.h)
34 * to make it easily maintainable.
36 * It was developed to dissect and decrypt the OpenSSL v 0.9.8f DTLS implementation.
37 * It is limited to this implementation; there is no complete implementation.
41 * - DTLS decryption (openssl one)
44 * - activate correct Mac calculation when openssl will be corrected
45 * (or if an other implementation works),
46 * corrected code is ready and commented in packet-ssl-utils.h file.
47 * - add missing things (desegmentation, reordering... that aren't present in actual OpenSSL implementation)
54 #include <epan/packet.h>
55 #include <epan/conversation.h>
56 #include <epan/expert.h>
57 #include <epan/prefs.h>
58 #include <epan/asn1.h>
59 #include <epan/dissectors/packet-x509af.h>
60 #include <epan/emem.h>
62 #include <epan/reassemble.h>
63 #include "packet-x509if.h"
64 #include "packet-ssl-utils.h"
65 #include <wsutil/file_util.h>
67 #include <epan/sctpppids.h>
69 void proto_register_dtls(void);
71 /* DTLS User Access Table */
72 static ssldecrypt_assoc_t *dtlskeylist_uats = NULL;
73 static guint ndtlsdecrypt = 0;
75 /* we need to remember the top tree so that subdissectors we call are created
76 * at the root and not deep down inside the DTLS decode
78 static proto_tree *top_tree;
80 /*********************************************************************
82 * Protocol Constants, Variables, Data Structures
84 *********************************************************************/
86 /* Initialize the protocol and registered fields */
87 static gint dtls_tap = -1;
88 static gint proto_dtls = -1;
89 static gint hf_dtls_record = -1;
90 static gint hf_dtls_record_content_type = -1;
91 static gint hf_dtls_record_version = -1;
92 static gint hf_dtls_record_epoch = -1;
93 static gint hf_dtls_record_sequence_number = -1;
94 static gint hf_dtls_record_length = -1;
95 static gint hf_dtls_record_appdata = -1;
96 static gint hf_dtls_change_cipher_spec = -1;
97 static gint hf_dtls_alert_message = -1;
98 static gint hf_dtls_alert_message_level = -1;
99 static gint hf_dtls_alert_message_description = -1;
100 static gint hf_dtls_handshake_protocol = -1;
101 static gint hf_dtls_handshake_type = -1;
102 static gint hf_dtls_handshake_length = -1;
103 static gint hf_dtls_handshake_message_seq = -1;
104 static gint hf_dtls_handshake_fragment_offset = -1;
105 static gint hf_dtls_handshake_fragment_length = -1;
106 static gint hf_dtls_handshake_client_version = -1;
107 static gint hf_dtls_handshake_server_version = -1;
108 static gint hf_dtls_handshake_random_time = -1;
109 static gint hf_dtls_handshake_random_bytes = -1;
110 static gint hf_dtls_handshake_cookie_len = -1;
111 static gint hf_dtls_handshake_cookie = -1;
112 static gint hf_dtls_handshake_cipher_suites_len = -1;
113 static gint hf_dtls_handshake_cipher_suites = -1;
114 static gint hf_dtls_handshake_cipher_suite = -1;
115 static gint hf_dtls_handshake_session_id = -1;
116 static gint hf_dtls_handshake_comp_methods_len = -1;
117 static gint hf_dtls_handshake_comp_methods = -1;
118 static gint hf_dtls_handshake_comp_method = -1;
119 static gint hf_dtls_handshake_extensions_len = -1;
120 static gint hf_dtls_handshake_extension_type = -1;
121 static gint hf_dtls_handshake_extension_len = -1;
122 static gint hf_dtls_handshake_extension_data = -1;
123 static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1;
124 static gint hf_dtls_handshake_session_ticket_len = -1;
125 static gint hf_dtls_handshake_session_ticket = -1;
126 static gint hf_dtls_handshake_certificates_len = -1;
127 static gint hf_dtls_handshake_certificates = -1;
128 static gint hf_dtls_handshake_certificate = -1;
129 static gint hf_dtls_handshake_certificate_len = -1;
130 static gint hf_dtls_handshake_cert_types_count = -1;
131 static gint hf_dtls_handshake_cert_types = -1;
132 static gint hf_dtls_handshake_cert_type = -1;
133 static gint hf_dtls_handshake_server_keyex_p_len = -1;
134 static gint hf_dtls_handshake_server_keyex_g_len = -1;
135 static gint hf_dtls_handshake_server_keyex_ys_len = -1;
136 static gint hf_dtls_handshake_server_keyex_point_len = -1;
137 static gint hf_dtls_handshake_client_keyex_yc_len = -1;
138 static gint hf_dtls_handshake_client_keyex_point_len = -1;
139 static gint hf_dtls_handshake_client_keyex_epms_len = -1;
140 static gint hf_dtls_handshake_server_keyex_modulus_len = -1;
141 static gint hf_dtls_handshake_server_keyex_exponent_len = -1;
142 static gint hf_dtls_handshake_server_keyex_sig_len = -1;
143 static gint hf_dtls_handshake_server_keyex_p = -1;
144 static gint hf_dtls_handshake_server_keyex_g = -1;
145 static gint hf_dtls_handshake_server_keyex_ys = -1;
146 static gint hf_dtls_handshake_client_keyex_yc = -1;
147 static gint hf_dtls_handshake_server_keyex_curve_type = -1;
148 static gint hf_dtls_handshake_server_keyex_named_curve = -1;
149 static gint hf_dtls_handshake_server_keyex_point = -1;
150 static gint hf_dtls_handshake_client_keyex_epms = -1;
151 static gint hf_dtls_handshake_client_keyex_point = -1;
152 static gint hf_dtls_handshake_server_keyex_modulus = -1;
153 static gint hf_dtls_handshake_server_keyex_exponent = -1;
154 static gint hf_dtls_handshake_server_keyex_sig = -1;
155 static gint hf_dtls_handshake_server_keyex_hint_len = -1;
156 static gint hf_dtls_handshake_server_keyex_hint = -1;
157 static gint hf_dtls_handshake_client_keyex_identity_len = -1;
158 static gint hf_dtls_handshake_client_keyex_identity = -1;
159 static gint hf_dtls_handshake_sig_hash_alg_len = -1;
160 static gint hf_dtls_handshake_sig_hash_algs = -1;
161 static gint hf_dtls_handshake_sig_hash_alg = -1;
162 static gint hf_dtls_handshake_sig_hash_hash = -1;
163 static gint hf_dtls_handshake_sig_hash_sig = -1;
164 static gint hf_dtls_handshake_finished = -1;
165 /* static gint hf_dtls_handshake_md5_hash = -1; */
166 /* static gint hf_dtls_handshake_sha_hash = -1; */
167 static gint hf_dtls_handshake_session_id_len = -1;
168 static gint hf_dtls_handshake_dnames_len = -1;
169 static gint hf_dtls_handshake_dnames = -1;
170 static gint hf_dtls_handshake_dname_len = -1;
171 static gint hf_dtls_handshake_dname = -1;
173 static gint hf_dtls_heartbeat_extension_mode = -1;
174 static gint hf_dtls_heartbeat_message = -1;
175 static gint hf_dtls_heartbeat_message_type = -1;
176 static gint hf_dtls_heartbeat_message_payload_length = -1;
177 static gint hf_dtls_heartbeat_message_payload = -1;
178 static gint hf_dtls_heartbeat_message_padding = -1;
180 static gint hf_dtls_fragments = -1;
181 static gint hf_dtls_fragment = -1;
182 static gint hf_dtls_fragment_overlap = -1;
183 static gint hf_dtls_fragment_overlap_conflicts = -1;
184 static gint hf_dtls_fragment_multiple_tails = -1;
185 static gint hf_dtls_fragment_too_long_fragment = -1;
186 static gint hf_dtls_fragment_error = -1;
187 static gint hf_dtls_fragment_count = -1;
188 static gint hf_dtls_reassembled_in = -1;
189 static gint hf_dtls_reassembled_length = -1;
191 /* Initialize the subtree pointers */
192 static gint ett_dtls = -1;
193 static gint ett_dtls_record = -1;
194 static gint ett_dtls_alert = -1;
195 static gint ett_dtls_handshake = -1;
196 static gint ett_dtls_heartbeat = -1;
197 static gint ett_dtls_cipher_suites = -1;
198 static gint ett_dtls_comp_methods = -1;
199 static gint ett_dtls_extension = -1;
200 static gint ett_dtls_random = -1;
201 static gint ett_dtls_new_ses_ticket = -1;
202 static gint ett_dtls_keyex_params = -1;
203 static gint ett_dtls_certs = -1;
204 static gint ett_dtls_cert_types = -1;
205 static gint ett_dtls_sig_hash_algs = -1;
206 static gint ett_dtls_sig_hash_alg = -1;
207 static gint ett_dtls_dnames = -1;
209 static gint ett_dtls_fragment = -1;
210 static gint ett_dtls_fragments = -1;
212 static expert_field ei_dtls_handshake_fragment_length_too_long = EI_INIT;
213 static expert_field ei_dtls_handshake_fragment_past_end_msg = EI_INIT;
214 static expert_field ei_dtls_msg_len_diff_fragment = EI_INIT;
215 static expert_field ei_dtls_handshake_sig_hash_alg_len_bad = EI_INIT;
217 static GHashTable *dtls_session_hash = NULL;
218 static GHashTable *dtls_key_hash = NULL;
219 static reassembly_table dtls_reassembly_table;
220 static GTree* dtls_associations = NULL;
221 static dissector_handle_t dtls_handle = NULL;
222 static StringInfo dtls_compressed_data = {NULL, 0};
223 static StringInfo dtls_decrypted_data = {NULL, 0};
224 static gint dtls_decrypted_data_avail = 0;
226 static uat_t *dtlsdecrypt_uat = NULL;
227 static const gchar *dtls_keys_list = NULL;
228 #ifdef HAVE_LIBGNUTLS
229 static const gchar *dtls_debug_file_name = NULL;
232 static heur_dissector_list_t heur_subdissector_list;
234 static const fragment_items dtls_frag_items = {
235 /* Fragment subtrees */
238 /* Fragment fields */
241 &hf_dtls_fragment_overlap,
242 &hf_dtls_fragment_overlap_conflicts,
243 &hf_dtls_fragment_multiple_tails,
244 &hf_dtls_fragment_too_long_fragment,
245 &hf_dtls_fragment_error,
246 &hf_dtls_fragment_count,
247 /* Reassembled in field */
248 &hf_dtls_reassembled_in,
249 /* Reassembled length field */
250 &hf_dtls_reassembled_length,
251 /* Reassembled data field */
257 /* initialize/reset per capture state data (dtls sessions cache) */
261 module_t *dtls_module = prefs_find_module("dtls");
262 pref_t *keys_list_pref;
264 ssl_common_init(&dtls_session_hash, &dtls_decrypted_data, &dtls_compressed_data);
265 reassembly_table_init (&dtls_reassembly_table, &addresses_reassembly_table_functions);
267 /* We should have loaded "keys_list" by now. Mark it obsolete */
269 keys_list_pref = prefs_find_preference(dtls_module, "keys_list");
270 if (! prefs_get_preference_obsolete(keys_list_pref)) {
271 prefs_set_preference_obsolete(keys_list_pref);
276 /* parse dtls related preferences (private keys and ports association strings) */
280 ep_stack_t tmp_stack;
281 SslAssociation *tmp_assoc;
286 g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL);
287 g_hash_table_destroy(dtls_key_hash);
290 /* remove only associations created from key list */
291 tmp_stack = ep_stack_new();
292 g_tree_foreach(dtls_associations, ssl_assoc_from_key_list, tmp_stack);
293 while ((tmp_assoc = (SslAssociation *)ep_stack_pop(tmp_stack)) != NULL) {
294 ssl_association_remove(dtls_associations, tmp_assoc);
297 /* parse private keys string, load available keys and put them in key hash*/
298 dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal);
300 ssl_set_debug(dtls_debug_file_name);
302 if (ndtlsdecrypt > 0)
304 for (i = 0; i < ndtlsdecrypt; i++)
306 ssldecrypt_assoc_t *d = &(dtlskeylist_uats[i]);
307 ssl_parse_key_list(d, dtls_key_hash, dtls_associations, dtls_handle, FALSE);
311 dissector_add_handle("sctp.port", dtls_handle);
312 dissector_add_handle("udp.port", dtls_handle);
316 dtls_parse_old_keys(void)
318 gchar **old_keys, **parts, *err;
322 /* Import old-style keys */
323 if (dtlsdecrypt_uat && dtls_keys_list && dtls_keys_list[0]) {
324 old_keys = ep_strsplit(dtls_keys_list, ";", 0);
325 for (i = 0; old_keys[i] != NULL; i++) {
326 parts = ep_strsplit(old_keys[i], ",", 4);
327 if (parts[0] && parts[1] && parts[2] && parts[3]) {
328 uat_entry = ep_strdup_printf("\"%s\",\"%s\",\"%s\",\"%s\",\"\"",
329 parts[0], parts[1], parts[2], parts[3]);
330 if (!uat_load_str(dtlsdecrypt_uat, uat_entry, &err)) {
331 ssl_debug_printf("dtls_parse: Can't load UAT string %s: %s\n",
340 * DTLS Dissection Routines
344 /* record layer dissector */
345 static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
346 proto_tree *tree, guint32 offset,
347 guint *conv_version, guint conv_cipher,
348 SslDecryptSession *conv_data);
350 /* change cipher spec dissector */
351 static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
354 guint *conv_version, guint8 content_type);
356 /* alert message dissector */
357 static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
358 proto_tree *tree, guint32 offset,
359 guint *conv_version);
361 /* handshake protocol dissector */
362 static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
363 proto_tree *tree, guint32 offset,
364 guint32 record_length,
365 guint *conv_version, guint conv_cipher,
366 SslDecryptSession *conv_data, guint8 content_type);
368 /* heartbeat message dissector */
369 static void dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
370 proto_tree *tree, guint32 offset,
371 guint *conv_version, guint32 record_length);
374 static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
376 guint32 offset, guint32 length,
377 SslDecryptSession* ssl);
379 static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
381 guint32 offset, guint32 length,
382 SslDecryptSession* ssl);
384 static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb,
387 SslDecryptSession* ssl);
389 static void dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
391 guint32 offset, guint32 length);
393 static void dissect_dtls_hnd_cert(tvbuff_t *tvb,
394 proto_tree *tree, guint32 offset, packet_info *pinfo);
396 static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
400 const guint *conv_version);
402 static void dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
404 guint32 offset, guint32 length);
406 static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb,
408 guint32 offset, guint32 length);
410 static void dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb,
412 guint32 offset, guint32 length);
414 static void dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb,
416 guint32 offset, guint32 length);
418 static void dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb,
420 guint32 offset, guint32 length);
422 static void dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb,
424 guint32 offset, guint32 length);
426 static void dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb,
428 guint32 offset, guint32 length);
430 static void dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb,
432 guint32 offset, guint32 length);
434 static void dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb,
436 guint32 offset, guint32 length);
438 static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
441 guint* conv_version);
447 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
448 static gint dtls_is_valid_handshake_type(guint8 type);
450 static gint dtls_is_authoritative_version_message(guint8 content_type,
452 static gint looks_like_dtls(tvbuff_t *tvb, guint32 offset);
454 /*********************************************************************
458 *********************************************************************/
460 * Code to actually dissect the packets
463 dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
466 conversation_t *conversation;
469 proto_tree *dtls_tree;
471 gboolean first_record_in_frame;
472 SslDecryptSession *ssl_session;
475 Ssl_private_key_t *private_key;
480 first_record_in_frame = TRUE;
484 /* Track the version using conversations allows
485 * us to more frequently set the protocol column properly
486 * for continuation data frames.
488 * Also: We use the copy in conv_version as our cached copy,
489 * so that we don't have to search the conversation
490 * table every time we want the version; when setting
491 * the conv_version, must set the copy in the conversation
492 * in addition to conv_version
494 conversation = find_or_create_conversation(pinfo);
495 conv_data = conversation_get_proto_data(conversation, proto_dtls);
497 /* manage dtls decryption data */
498 /*get a valid ssl session pointer*/
499 if (conv_data != NULL)
500 ssl_session = (SslDecryptSession *)conv_data;
504 ssl_session = se_new0(SslDecryptSession);
505 ssl_session_init(ssl_session);
506 ssl_session->version = SSL_VER_UNKNOWN;
507 conversation_add_proto_data(conversation, proto_dtls, ssl_session);
509 /* we need to know witch side of conversation is speaking */
510 if (ssl_packet_from_server(ssl_session, dtls_associations, pinfo)) {
511 dummy.addr = pinfo->src;
512 dummy.port = pinfo->srcport;
515 dummy.addr = pinfo->dst;
516 dummy.port = pinfo->destport;
518 ssl_debug_printf("dissect_dtls server %s:%d\n",
519 ep_address_to_str(&dummy.addr),dummy.port);
521 /* try to retrieve private key for this service. Do it now 'cause pinfo
522 * is not always available
523 * Note that with HAVE_LIBGNUTLS undefined private_key is always 0
524 * and thus decryption never engaged*/
525 private_key = (Ssl_private_key_t *)g_hash_table_lookup(dtls_key_hash, &dummy);
527 ssl_debug_printf("dissect_dtls can't find private key for this server!\n");
530 ssl_session->private_key = private_key->sexp_pkey;
533 conv_version= & ssl_session->version;
534 conv_cipher = ssl_session->cipher;
536 /* try decryption only the first time we see this packet
537 * (to keep cipher synchronized) */
538 if (pinfo->fd->flags.visited)
541 /* Initialize the protocol column; we'll set it later when we
542 * figure out what flavor of DTLS it is (actually only one
544 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
546 /* clear the the info column */
547 col_clear(pinfo->cinfo, COL_INFO);
549 /* Create display subtree for SSL as a whole */
552 ti = proto_tree_add_item(tree, proto_dtls, tvb, 0, -1, ENC_NA);
553 dtls_tree = proto_item_add_subtree(ti, ett_dtls);
556 /* iterate through the records in this tvbuff */
557 while (tvb_reported_length_remaining(tvb, offset) != 0)
559 /* on second and subsequent records per frame
560 * add a delimiter on info column
562 if (!first_record_in_frame)
564 col_append_str(pinfo->cinfo, COL_INFO, ", ");
567 /* first try to dispatch off the cached version
568 * known to be associated with the conversation
570 switch(*conv_version) {
572 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
573 offset, conv_version, conv_cipher,
576 case SSL_VER_DTLS1DOT2:
577 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
578 offset, conv_version, conv_cipher,
582 /* that failed, so apply some heuristics based
583 * on this individual packet
586 if (looks_like_dtls(tvb, offset))
588 /* looks like dtls */
589 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
590 offset, conv_version, conv_cipher,
595 /* looks like something unknown, so lump into
598 offset = tvb_length(tvb);
599 col_append_str(pinfo->cinfo, COL_INFO,
600 "Continuation Data");
602 /* Set the protocol column */
603 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
608 /* set up for next record in frame, if any */
609 first_record_in_frame = FALSE;
612 tap_queue_packet(dtls_tap, pinfo, NULL);
616 dissect_dtls_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
619 /* Stronger confirmation of DTLS packet is provided by verifying the
620 * captured payload length against the remainder of the UDP packet size. */
621 guint length = tvb_length(tvb);
624 if (tvb_reported_length(tvb) == length) {
625 /* The entire payload was captured. */
626 while (offset + 13 <= length && looks_like_dtls(tvb, offset)) {
627 /* Advance offset to the end of the current DTLS record */
628 offset += tvb_get_ntohs(tvb, offset + 11) + 13;
629 if (offset == length) {
630 dissect_dtls(tvb, pinfo, tree);
635 if (pinfo->fragmented && offset >= 13) {
636 dissect_dtls(tvb, pinfo, tree);
642 /* This packet was truncated by the capture process due to a snapshot
643 * length - do our best with what we've got. */
644 while (tvb_length_remaining(tvb, offset) >= 3) {
645 if (!looks_like_dtls(tvb, offset))
649 if (tvb_length_remaining(tvb, offset) >= 10 ) {
650 offset += tvb_get_ntohs(tvb, offset + 8) + 10;
652 /* Dissect what we've got, which might be as little as 3 bytes. */
653 dissect_dtls(tvb, pinfo, tree);
656 if (offset == length) {
657 /* Can this ever happen? Well, just in case ... */
658 dissect_dtls(tvb, pinfo, tree);
663 /* One last check to see if the current offset is at least less than the
664 * original number of bytes present before truncation or we're dealing with
665 * a packet fragment that's also been truncated. */
666 if ((length >= 3) && (offset <= tvb_reported_length(tvb) || pinfo->fragmented)) {
667 dissect_dtls(tvb, pinfo, tree);
674 decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
675 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
676 gboolean save_plaintext)
683 /* if we can decrypt and decryption have success
684 * add decrypted data to this packet info */
685 if (!ssl || (!save_plaintext && !(ssl->state & SSL_HAVE_SESSION_KEY))) {
686 ssl_debug_printf("decrypt_dtls_record: no session key\n");
689 ssl_debug_printf("decrypt_dtls_record: app_data len %d, ssl state %X\n",
690 record_length, ssl->state);
692 /* retrieve decoder for this packet direction */
693 if (ssl_packet_from_server(ssl, dtls_associations, pinfo) != 0) {
694 ssl_debug_printf("decrypt_dtls_record: using server decoder\n");
695 decoder = ssl->server;
698 ssl_debug_printf("decrypt_dtls_record: using client decoder\n");
699 decoder = ssl->client;
702 if (!decoder && ssl->cipher != 0x0001 && ssl->cipher != 0x0002) {
703 ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
707 /* ensure we have enough storage space for decrypted data */
708 if (record_length > dtls_decrypted_data.data_len)
710 ssl_debug_printf("decrypt_dtls_record: allocating %d bytes"
711 " for decrypt data (old len %d)\n",
712 record_length + 32, dtls_decrypted_data.data_len);
713 dtls_decrypted_data.data = (guchar *)g_realloc(dtls_decrypted_data.data,
715 dtls_decrypted_data.data_len = record_length + 32;
718 /* run decryption and add decrypted payload to protocol data, if decryption
720 dtls_decrypted_data_avail = dtls_decrypted_data.data_len;
721 if (ssl->state & SSL_HAVE_SESSION_KEY) {
723 ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
726 if (ssl_decrypt_record(ssl, decoder, content_type, tvb_get_ptr(tvb, offset, record_length), record_length,
727 &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0)
730 else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) {
731 /* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */
732 memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length);
733 dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length;
737 if (ret && save_plaintext) {
738 ssl_add_data_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail,
739 tvb_raw_offset(tvb)+offset, 0);
749 /*********************************************************************
751 * DTLS Dissection Routines
753 *********************************************************************/
755 dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
756 proto_tree *tree, guint32 offset,
757 guint *conv_version, guint conv_cipher,
758 SslDecryptSession* ssl)
763 * uint8 major, minor;
768 * change_cipher_spec(20), alert(21), handshake(22),
769 * application_data(23), (255)
774 * ProtocolVersion version;
775 * uint16 epoch; // New field
776 * uint48 sequence_number; // New field
778 * opaque fragment[TLSPlaintext.length];
782 guint32 record_length;
785 gdouble sequence_number;
786 gint64 sequence_number_temp;
790 proto_tree *dtls_record_tree;
791 SslAssociation *association;
792 SslDataInfo *appl_data;
795 dtls_record_tree = NULL;
798 * Get the record layer fields of interest
800 content_type = tvb_get_guint8(tvb, offset);
801 version = tvb_get_ntohs(tvb, offset + 1);
802 epoch = tvb_get_ntohs(tvb, offset + 3);
803 sequence_number = tvb_get_ntohl(tvb, offset + 7);
804 sequence_number_temp = tvb_get_ntohs(tvb, offset + 5);
805 sequence_number_temp = sequence_number_temp<<32;
806 sequence_number += sequence_number_temp;
807 record_length = tvb_get_ntohs(tvb, offset + 11);
810 if(ssl_packet_from_server(ssl, dtls_associations, pinfo)){
812 ssl->server->seq=(guint32)sequence_number;
813 ssl->server->epoch=epoch;
818 ssl->client->seq=(guint32)sequence_number;
819 ssl->client->epoch=epoch;
823 if (!ssl_is_valid_content_type(content_type)) {
825 /* if we don't have a valid content_type, there's no sense
826 * continuing any further
828 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
830 /* Set the protocol column */
831 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
832 return offset + 13 + record_length;
836 * If GUI, fill in record layer part of tree
841 /* add the record layer subtree header */
842 tvb_ensure_bytes_exist(tvb, offset, 13 + record_length);
843 ti = proto_tree_add_item(tree, hf_dtls_record, tvb,
844 offset, 13 + record_length, ENC_NA);
845 dtls_record_tree = proto_item_add_subtree(ti, ett_dtls_record);
848 if (dtls_record_tree)
851 /* show the one-byte content type */
852 proto_tree_add_item(dtls_record_tree, hf_dtls_record_content_type,
853 tvb, offset, 1, ENC_BIG_ENDIAN);
856 /* add the version */
857 proto_tree_add_item(dtls_record_tree, hf_dtls_record_version, tvb,
858 offset, 2, ENC_BIG_ENDIAN);
862 proto_tree_add_uint(dtls_record_tree, hf_dtls_record_epoch, tvb, offset, 2, epoch);
866 /* add sequence_number */
868 proto_tree_add_double(dtls_record_tree, hf_dtls_record_sequence_number, tvb, offset, 6, sequence_number);
873 proto_tree_add_uint(dtls_record_tree, hf_dtls_record_length, tvb,
874 offset, 2, record_length);
875 offset += 2; /* move past length field itself */
880 /* if no GUI tree, then just skip over those fields */
886 * if we don't already have a version set for this conversation,
887 * but this message's version is authoritative (i.e., it's
888 * not client_hello, then save the version to to conversation
889 * structure and print the column version
891 next_byte = tvb_get_guint8(tvb, offset);
892 if (*conv_version == SSL_VER_UNKNOWN
893 && dtls_is_authoritative_version_message(content_type, next_byte))
895 if (version == DTLSV1DOT0_VERSION ||
896 version == DTLSV1DOT0_VERSION_NOT)
899 *conv_version = SSL_VER_DTLS;
901 ssl->version_netorder = version;
902 ssl->state |= SSL_VERSION;
904 /*ssl_set_conv_version(pinfo, ssl->version);*/
906 if (version == DTLSV1DOT2_VERSION)
909 *conv_version = SSL_VER_DTLS1DOT2;
911 ssl->version_netorder = version;
912 ssl->state |= SSL_VERSION;
914 /*ssl_set_conv_version(pinfo, ssl->version);*/
917 if (version == DTLSV1DOT0_VERSION)
919 col_set_str(pinfo->cinfo, COL_PROTOCOL,
920 val_to_str_const(SSL_VER_DTLS, ssl_version_short_names, "SSL"));
922 else if (version == DTLSV1DOT2_VERSION)
924 col_set_str(pinfo->cinfo, COL_PROTOCOL,
925 val_to_str_const(SSL_VER_DTLS1DOT2, ssl_version_short_names, "SSL"));
929 col_set_str(pinfo->cinfo, COL_PROTOCOL,"DTLS");
933 * now dissect the next layer
935 ssl_debug_printf("dissect_dtls_record: content_type %d\n",content_type);
937 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
938 * store plain text only for app data */
940 switch (content_type) {
941 case SSL_ID_CHG_CIPHER_SPEC:
942 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
943 dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
944 offset, conv_version, content_type);
945 if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
951 if (ssl&&decrypt_dtls_record(tvb, pinfo, offset,
952 record_length, content_type, ssl, FALSE))
953 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
954 dtls_decrypted_data_avail, offset);
956 /* try to retrieve and use decrypted alert record, if any. */
957 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
959 dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
961 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
963 dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
968 case SSL_ID_HANDSHAKE:
972 /* try to decrypt handshake record, if possible. Store decrypted
973 * record for later usage. The offset is used as 'key' to identify
974 * this record into the packet (we can have multiple handshake records
975 * in the same frame) */
976 if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
977 record_length, content_type, ssl, FALSE))
978 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
979 dtls_decrypted_data_avail, offset);
981 /* try to retrieve and use decrypted handshake record, if any. */
982 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
984 dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
985 tvb_length(decrypted), conv_version, conv_cipher, ssl, content_type);
986 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
988 dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
989 record_length, conv_version, conv_cipher, ssl, content_type);
993 case SSL_ID_APP_DATA:
995 decrypt_dtls_record(tvb, pinfo, offset,
996 record_length, content_type, ssl, TRUE);
998 /* show on info column what we are decoding */
999 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1001 if (!dtls_record_tree)
1004 /* we need dissector information when the selected packet is shown.
1005 * ssl session pointer is NULL at that time, so we can't access
1006 * info cached there*/
1007 association = ssl_association_find(dtls_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
1008 association = association ? association : ssl_association_find(dtls_associations, pinfo->destport, pinfo->ptype == PT_TCP);
1010 proto_item_set_text(dtls_record_tree,
1011 "%s Record Layer: %s Protocol: %s",
1012 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1013 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
1014 association?association->info:"Application Data");
1016 /* show decrypted data info, if available */
1017 appl_data = ssl_get_data_info(proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
1018 if (appl_data && (appl_data->plain_data.data_len > 0))
1022 /* try to dissect decrypted data*/
1023 ssl_debug_printf("dissect_dtls_record decrypted len %d\n",
1024 appl_data->plain_data.data_len);
1026 /* create a new TVB structure for desegmented data */
1027 next_tvb = tvb_new_child_real_data(tvb,
1028 appl_data->plain_data.data,
1029 appl_data->plain_data.data_len,
1030 appl_data->plain_data.data_len);
1032 add_new_data_source(pinfo, next_tvb, "Decrypted DTLS data");
1034 /* find out a dissector using server port*/
1035 if (association && association->handle) {
1036 ssl_debug_printf("dissect_dtls_record found association %p\n", (void *)association);
1037 ssl_print_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len);
1039 dissected = call_dissector_only(association->handle, next_tvb, pinfo, top_tree, NULL);
1042 /* try heuristic subdissectors */
1043 dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, NULL);
1049 proto_tree_add_item(dtls_record_tree, hf_dtls_record_appdata, tvb,
1050 offset, record_length, ENC_NA);
1052 case SSL_ID_HEARTBEAT:
1054 tvbuff_t* decrypted;
1056 if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
1057 record_length, content_type, ssl, FALSE))
1058 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
1059 dtls_decrypted_data_avail, offset);
1061 /* try to retrieve and use decrypted alert record, if any. */
1062 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
1064 dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
1065 conv_version, record_length);
1066 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
1068 dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
1069 conv_version, record_length);
1075 /* shouldn't get here since we check above for valid types */
1076 col_append_str(pinfo->cinfo, COL_INFO, "Bad DTLS Content Type");
1079 offset += record_length; /* skip to end of record */
1084 /* dissects the change cipher spec protocol, filling in the tree */
1086 dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
1087 proto_tree *tree, guint32 offset,
1088 guint* conv_version, guint8 content_type)
1092 * enum { change_cipher_spec(1), (255) } type;
1093 * } ChangeCipherSpec;
1098 proto_item_set_text(tree,
1099 "%s Record Layer: %s Protocol: Change Cipher Spec",
1100 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1101 val_to_str_const(content_type, ssl_31_content_type, "unknown"));
1102 proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
1107 /* dissects the alert message, filling in the tree */
1109 dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
1110 proto_tree *tree, guint32 offset,
1111 guint* conv_version)
1115 * AlertDescription description;
1120 proto_tree *ssl_alert_tree;
1125 ssl_alert_tree = NULL;
1129 ti = proto_tree_add_item(tree, hf_dtls_alert_message, tvb,
1131 ssl_alert_tree = proto_item_add_subtree(ti, ett_dtls_alert);
1135 * set the record layer label
1138 /* first lookup the names for the alert level and description */
1139 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1140 level = try_val_to_str(byte, ssl_31_alert_level);
1142 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1143 desc = try_val_to_str(byte, ssl_31_alert_description);
1145 /* now set the text in the record layer line */
1148 col_append_fstr(pinfo->cinfo, COL_INFO,
1149 "Alert (Level: %s, Description: %s)",
1154 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1161 proto_item_set_text(tree, "%s Record Layer: Alert "
1162 "(Level: %s, Description: %s)",
1163 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1165 proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level,
1166 tvb, offset++, 1, ENC_BIG_ENDIAN);
1168 proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_description,
1169 tvb, offset, 1, ENC_BIG_ENDIAN);
1173 proto_item_set_text(tree,
1174 "%s Record Layer: Encrypted Alert",
1175 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
1176 proto_item_set_text(ssl_alert_tree,
1177 "Alert Message: Encrypted Alert");
1183 /* dissects the handshake protocol, filling the tree */
1185 dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
1186 proto_tree *tree, guint32 offset,
1187 guint32 record_length, guint *conv_version, guint conv_cipher,
1188 SslDecryptSession* ssl, guint8 content_type)
1191 * HandshakeType msg_type;
1193 * uint16 message_seq; //new field
1194 * uint24 fragment_offset; //new field
1195 * uint24 fragment_length; //new field
1196 * select (HandshakeType) {
1197 * case hello_request: HelloRequest;
1198 * case client_hello: ClientHello;
1199 * case server_hello: ServerHello;
1200 * case hello_verify_request: HelloVerifyRequest; //new field
1201 * case certificate: Certificate;
1202 * case server_key_exchange: ServerKeyExchange;
1203 * case certificate_request: CertificateRequest;
1204 * case server_hello_done: ServerHelloDone;
1205 * case certificate_verify: CertificateVerify;
1206 * case client_key_exchange: ClientKeyExchange;
1207 * case finished: Finished;
1212 proto_tree *ti, *length_item = NULL, *fragment_length_item = NULL;
1213 proto_tree *ssl_hand_tree;
1214 const gchar *msg_type_str;
1217 guint16 message_seq;
1218 guint32 fragment_offset;
1219 guint32 fragment_length;
1220 gboolean first_iteration;
1222 guint32 reassembled_length;
1225 ssl_hand_tree = NULL;
1226 msg_type_str = NULL;
1227 first_iteration = TRUE;
1229 /* just as there can be multiple records per packet, there
1230 * can be multiple messages per record as long as they have
1231 * the same content type
1233 * we really only care about this for handshake messages
1236 /* set record_length to the max offset */
1237 record_length += offset;
1238 for (; offset < record_length; offset += fragment_length,
1239 first_iteration = FALSE) /* set up for next pass, if any */
1241 fragment_data *frag_msg = NULL;
1242 tvbuff_t *new_tvb = NULL;
1243 const gchar *frag_str = NULL;
1244 gboolean fragmented;
1248 /* add a subtree for the handshake protocol */
1249 ti = proto_tree_add_item(tree, hf_dtls_handshake_protocol, tvb,
1250 offset, -1, ENC_NA);
1251 ssl_hand_tree = proto_item_add_subtree(ti, ett_dtls_handshake);
1254 msg_type = tvb_get_guint8(tvb, offset);
1255 msg_type_str = try_val_to_str(msg_type, ssl_31_handshake_type);
1257 if (!msg_type_str && !first_iteration)
1259 /* only dissect / report messages if they're
1260 * either the first message in this record
1261 * or they're a valid message type
1266 /* on second and later iterations, add comma to info col */
1267 if (!first_iteration)
1269 col_append_str(pinfo->cinfo, COL_INFO, ", ");
1273 * Update our info string
1275 col_append_str(pinfo->cinfo, COL_INFO, (msg_type_str != NULL)
1276 ? msg_type_str : "Encrypted Handshake Message");
1279 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_type,
1280 tvb, offset, 1, msg_type);
1283 length = tvb_get_ntoh24(tvb, offset);
1285 length_item = proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_length,
1286 tvb, offset, 3, length);
1289 message_seq = tvb_get_ntohs(tvb,offset);
1291 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_message_seq,
1292 tvb, offset, 2, message_seq);
1295 fragment_offset = tvb_get_ntoh24(tvb, offset);
1297 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_offset,
1298 tvb, offset, 3, fragment_offset);
1301 fragment_length = tvb_get_ntoh24(tvb, offset);
1303 fragment_length_item = proto_tree_add_uint(ssl_hand_tree,
1304 hf_dtls_handshake_fragment_length,
1308 proto_item_set_len(ti, fragment_length + 12);
1311 if (fragment_length + fragment_offset > length)
1313 if (fragment_offset == 0)
1315 expert_add_info(pinfo, fragment_length_item, &ei_dtls_handshake_fragment_length_too_long);
1320 expert_add_info(pinfo, fragment_length_item, &ei_dtls_handshake_fragment_past_end_msg);
1323 else if (fragment_length < length)
1327 /* Handle fragments of known message type */
1329 case SSL_HND_HELLO_REQUEST:
1330 case SSL_HND_CLIENT_HELLO:
1331 case SSL_HND_HELLO_VERIFY_REQUEST:
1332 case SSL_HND_NEWSESSION_TICKET:
1333 case SSL_HND_SERVER_HELLO:
1334 case SSL_HND_CERTIFICATE:
1335 case SSL_HND_SERVER_KEY_EXCHG:
1336 case SSL_HND_CERT_REQUEST:
1337 case SSL_HND_SVR_HELLO_DONE:
1338 case SSL_HND_CERT_VERIFY:
1339 case SSL_HND_CLIENT_KEY_EXCHG:
1340 case SSL_HND_FINISHED:
1344 /* Ignore encrypted handshake messages */
1351 /* Fragmented handshake message */
1352 pinfo->fragmented = TRUE;
1354 /* Don't pass the reassembly code data that doesn't exist */
1355 tvb_ensure_bytes_exist(tvb, offset, fragment_length);
1357 frag_msg = fragment_add(&dtls_reassembly_table,
1358 tvb, offset, pinfo, message_seq, NULL,
1359 fragment_offset, fragment_length, TRUE);
1361 * Do we already have a length for this reassembly?
1363 reassembled_length = fragment_get_tot_len(&dtls_reassembly_table,
1364 pinfo, message_seq, NULL);
1365 if (reassembled_length == 0)
1367 /* No - set it to the length specified by this packet. */
1368 fragment_set_tot_len(&dtls_reassembly_table,
1369 pinfo, message_seq, NULL, length);
1373 /* Yes - if this packet specifies a different length,
1375 if (reassembled_length != length)
1377 expert_add_info(pinfo, length_item, &ei_dtls_msg_len_diff_fragment);
1381 if (frag_msg && (fragment_length + fragment_offset) == reassembled_length)
1384 new_tvb = process_reassembled_data(tvb, offset, pinfo,
1389 frag_str = " (Reassembled)";
1393 frag_str = " (Fragment)";
1396 col_append_str(pinfo->cinfo, COL_INFO, frag_str);
1402 /* set the label text on the record layer expanding node */
1403 if (first_iteration)
1405 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1406 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1407 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
1408 (msg_type_str!=NULL) ? msg_type_str :
1409 "Encrypted Handshake Message",
1410 (frag_str!=NULL) ? frag_str : "");
1414 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1415 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1416 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
1417 "Multiple Handshake Messages",
1418 (frag_str!=NULL) ? frag_str : "");
1423 /* set the text label on the subtree node */
1424 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s%s",
1425 (msg_type_str != NULL) ? msg_type_str :
1426 "Encrypted Handshake Message",
1427 (frag_str!=NULL) ? frag_str : "");
1431 /* if we don't have a valid handshake type, just quit dissecting */
1435 if (ssl_hand_tree || ssl)
1437 tvbuff_t *sub_tvb = NULL;
1439 if (fragmented && !new_tvb)
1441 /* Skip fragmented messages not reassembled yet */
1451 sub_tvb = tvb_new_subset(tvb, offset, fragment_length,
1455 /* now dissect the handshake message, if necessary */
1457 case SSL_HND_HELLO_REQUEST:
1458 /* hello_request has no fields, so nothing to do! */
1461 case SSL_HND_CLIENT_HELLO:
1462 dissect_dtls_hnd_cli_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1465 case SSL_HND_SERVER_HELLO:
1466 dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1469 case SSL_HND_HELLO_VERIFY_REQUEST:
1470 dissect_dtls_hnd_hello_verify_request(sub_tvb, ssl_hand_tree, 0, ssl);
1473 case SSL_HND_NEWSESSION_TICKET:
1474 dissect_dtls_hnd_new_ses_ticket(sub_tvb, ssl_hand_tree, 0, length);
1477 case SSL_HND_CERTIFICATE:
1478 dissect_dtls_hnd_cert(sub_tvb, ssl_hand_tree, 0, pinfo);
1481 case SSL_HND_SERVER_KEY_EXCHG:
1482 switch (ssl_get_keyex_alg(conv_cipher)) {
1484 dissect_dtls_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
1487 dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length);
1490 dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
1494 dissect_dtls_hnd_srv_keyex_psk(tvb, ssl_hand_tree, offset, length);
1501 case SSL_HND_CERT_REQUEST:
1502 dissect_dtls_hnd_cert_req(sub_tvb, ssl_hand_tree, 0, pinfo, conv_version);
1505 case SSL_HND_SVR_HELLO_DONE:
1506 /* server_hello_done has no fields, so nothing to do! */
1509 case SSL_HND_CERT_VERIFY:
1513 case SSL_HND_CLIENT_KEY_EXCHG:
1514 switch (ssl_get_keyex_alg(conv_cipher)) {
1516 dissect_dtls_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length);
1519 dissect_dtls_hnd_cli_keyex_rsa(tvb, ssl_hand_tree, offset, length);
1522 dissect_dtls_hnd_cli_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
1525 dissect_dtls_hnd_cli_keyex_psk(tvb, ssl_hand_tree, offset, length);
1528 dissect_dtls_hnd_cli_keyex_rsa_psk(tvb, ssl_hand_tree, offset, length);
1534 /* here we can have all the data to build session key */
1535 StringInfo encrypted_pre_master;
1537 guint encrlen = length, skip;
1543 /* check for required session data */
1544 ssl_debug_printf("dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
1546 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1547 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1548 ssl_debug_printf("dissect_dtls_handshake not enough data to generate key (required state %X)\n",
1549 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1553 /* Skip leading two bytes length field. Older openssl's DTLS implementation seems not to have this field.
1554 * See implementation note in RFC 4346 section 7.4.7.1
1556 if (ssl->cipher_suite.kex==KEX_RSA && ssl->version_netorder != DTLSV1DOT0_VERSION_NOT) {
1557 encrlen = tvb_get_ntohs(tvb, offset);
1559 if (encrlen > length - 2) {
1560 ssl_debug_printf("dissect_dtls_handshake wrong encrypted length (%d max %d)\n", encrlen, length);
1565 encrypted_pre_master.data = (guchar *)se_alloc(encrlen);
1566 encrypted_pre_master.data_len = encrlen;
1567 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1569 if (!ssl->private_key) {
1570 ssl_debug_printf("dissect_dtls_handshake can't find private key\n");
1574 /* go with ssl key processing; encrypted_pre_master
1575 * will be used for master secret store*/
1576 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1578 ssl_debug_printf("dissect_dtls_handshake can't decrypt pre master secret\n");
1581 if (ssl_generate_keyring_material(ssl)<0) {
1582 ssl_debug_printf("dissect_dtls_handshake can't generate keyring material\n");
1585 ssl->state |= SSL_HAVE_SESSION_KEY;
1586 ssl_save_session(ssl, dtls_session_hash);
1587 ssl_debug_printf("dissect_dtls_handshake session keys successfully generated\n");
1591 case SSL_HND_FINISHED:
1592 dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree,
1601 /* dissects the heartbeat message, filling in the tree */
1603 dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
1604 proto_tree *tree, guint32 offset,
1605 guint* conv_version, guint32 record_length)
1608 * HeartbeatMessageType type;
1609 * uint16 payload_length;
1612 * } HeartbeatMessage;
1616 proto_tree *dtls_heartbeat_tree;
1619 guint16 payload_length;
1620 guint16 padding_length;
1622 dtls_heartbeat_tree = NULL;
1625 ti = proto_tree_add_item(tree, hf_dtls_heartbeat_message, tvb,
1626 offset, record_length - 32, ENC_NA);
1627 dtls_heartbeat_tree = proto_item_add_subtree(ti, ett_dtls_heartbeat);
1631 * set the record layer label
1634 /* first lookup the names for the message type and the payload length */
1635 byte = tvb_get_guint8(tvb, offset);
1636 type = try_val_to_str(byte, tls_heartbeat_type);
1638 payload_length = tvb_get_ntohs(tvb, offset + 1);
1639 padding_length = record_length - 3 - payload_length;
1641 /* now set the text in the record layer line */
1642 if (type && (payload_length <= record_length - 16 - 3)) {
1643 col_append_fstr(pinfo->cinfo, COL_INFO, "Heartbeat %s", type);
1645 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Heartbeat");
1649 if (type && (payload_length <= record_length - 16 - 3)) {
1650 proto_item_set_text(tree, "%s Record Layer: Heartbeat "
1652 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1654 proto_tree_add_item(dtls_heartbeat_tree, hf_dtls_heartbeat_message_type,
1655 tvb, offset, 1, ENC_BIG_ENDIAN);
1657 proto_tree_add_uint(dtls_heartbeat_tree, hf_dtls_heartbeat_message_payload_length,
1658 tvb, offset, 2, payload_length);
1660 proto_tree_add_bytes_format(dtls_heartbeat_tree, hf_dtls_heartbeat_message_payload,
1661 tvb, offset, payload_length,
1662 NULL, "Payload (%u byte%s)",
1664 plurality(payload_length, "", "s"));
1665 offset += payload_length;
1666 proto_tree_add_bytes_format(dtls_heartbeat_tree, hf_dtls_heartbeat_message_padding,
1667 tvb, offset, padding_length,
1668 NULL, "Padding and HMAC (%u byte%s)",
1670 plurality(padding_length, "", "s"));
1672 proto_item_set_text(tree,
1673 "%s Record Layer: Encrypted Heartbeat",
1674 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
1675 proto_item_set_text(dtls_heartbeat_tree,
1676 "Encrypted Heartbeat Message");
1682 dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1683 guint32 offset, SslDecryptSession* ssl, gint from_server)
1685 /* show the client's random challenge */
1686 nstime_t gmt_unix_time;
1687 guint8 session_id_length;
1689 proto_tree *dtls_rnd_tree = NULL;
1695 /* get proper peer information*/
1698 rnd = &ssl->server_random;
1700 rnd = &ssl->client_random;
1702 /* get provided random for keyring generation*/
1703 tvb_memcpy(tvb, rnd->data, offset, 32);
1706 ssl->state |= SSL_SERVER_RANDOM;
1708 ssl->state |= SSL_CLIENT_RANDOM;
1709 ssl_debug_printf("dissect_dtls_hnd_hello_common found random state %X\n",
1715 ti_rnd = proto_tree_add_text(tree, tvb, offset, 32, "Random");
1716 dtls_rnd_tree = proto_item_add_subtree(ti_rnd, ett_dtls_random);
1722 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1723 gmt_unix_time.nsecs = 0;
1724 proto_tree_add_time(dtls_rnd_tree, hf_dtls_handshake_random_time,
1725 tvb, offset, 4, &gmt_unix_time);
1729 /* show the random bytes */
1731 proto_tree_add_item(dtls_rnd_tree, hf_dtls_handshake_random_bytes,
1732 tvb, offset, 28, ENC_NA);
1735 /* show the session id */
1736 session_id_length = tvb_get_guint8(tvb, offset);
1738 proto_tree_add_item(tree, hf_dtls_handshake_session_id_len,
1739 tvb, offset, 1, ENC_BIG_ENDIAN);
1743 /* check stored session id info */
1744 if (from_server && (session_id_length == ssl->session_id.data_len) &&
1745 (tvb_memeql(tvb, offset, ssl->session_id.data, session_id_length) == 0))
1747 /* client/server id match: try to restore a previous cached session*/
1748 ssl_restore_session(ssl, dtls_session_hash);
1751 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
1752 ssl->session_id.data_len = session_id_length;
1755 if (tree && session_id_length > 0)
1756 proto_tree_add_bytes_format(tree, hf_dtls_handshake_session_id,
1757 tvb, offset, session_id_length,
1758 NULL, "Session ID (%u byte%s)",
1760 plurality(session_id_length, "", "s"));
1761 offset += session_id_length;
1769 dissect_dtls_hnd_hello_ext(tvbuff_t *tvb,
1770 proto_tree *tree, guint32 offset, guint32 left)
1772 guint16 extension_length;
1776 proto_tree *ext_tree;
1781 extension_length = tvb_get_ntohs(tvb, offset);
1782 proto_tree_add_uint(tree, hf_dtls_handshake_extensions_len,
1783 tvb, offset, 2, extension_length);
1789 ext_type = tvb_get_ntohs(tvb, offset);
1790 ext_len = tvb_get_ntohs(tvb, offset + 2);
1792 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1794 val_to_str(ext_type,
1795 tls_hello_extension_types,
1797 ext_tree = proto_item_add_subtree(pi, ett_dtls_extension);
1801 proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_type,
1802 tvb, offset, 2, ext_type);
1805 proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_len,
1806 tvb, offset, 2, ext_len);
1810 case SSL_HND_HELLO_EXT_HEARTBEAT:
1811 proto_tree_add_item(ext_tree, hf_dtls_heartbeat_extension_mode,
1812 tvb, offset, 1, ENC_BIG_ENDIAN);
1816 proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data,
1817 tvb, offset, ext_len, NULL,
1819 ext_len, plurality(ext_len, "", "s"));
1824 left -= 2 + 2 + ext_len;
1831 dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
1832 proto_tree *tree, guint32 offset, guint32 length,
1833 SslDecryptSession*ssl)
1836 * ProtocolVersion client_version;
1838 * SessionID session_id;
1839 * opaque cookie<0..32>; //new field
1840 * CipherSuite cipher_suites<2..2^16-1>;
1841 * CompressionMethod compression_methods<1..2^8-1>;
1842 * Extension client_hello_extension_list<0..2^16-1>;
1848 proto_tree *cs_tree;
1849 guint16 cipher_suite_length;
1850 guint8 compression_methods_length;
1851 guint8 compression_method;
1852 guint16 start_offset = offset;
1853 guint8 cookie_length;
1857 /* show the client version */
1859 proto_tree_add_item(tree, hf_dtls_handshake_client_version, tvb,
1860 offset, 2, ENC_BIG_ENDIAN);
1863 /* show the fields in common with server hello */
1864 offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 0);
1866 /* look for a cookie */
1867 cookie_length = tvb_get_guint8(tvb, offset);
1871 proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
1872 tvb, offset, 1, cookie_length);
1873 offset ++; /* skip opaque length */
1875 if (cookie_length > 0)
1877 proto_tree_add_item(tree, hf_dtls_handshake_cookie, tvb, offset,
1878 cookie_length, ENC_NA);
1879 offset += cookie_length;
1882 /* tell the user how many cipher suites there are */
1883 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1885 proto_tree_add_uint(tree, hf_dtls_handshake_cipher_suites_len,
1886 tvb, offset, 2, cipher_suite_length);
1887 offset += 2; /* skip opaque length */
1889 if (cipher_suite_length > 0)
1891 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
1892 ti = proto_tree_add_none_format(tree,
1893 hf_dtls_handshake_cipher_suites,
1894 tvb, offset, cipher_suite_length,
1895 "Cipher Suites (%u suite%s)",
1896 cipher_suite_length / 2,
1897 plurality(cipher_suite_length/2, "", "s"));
1899 /* make this a subtree */
1900 cs_tree = proto_item_add_subtree(ti, ett_dtls_cipher_suites);
1903 cs_tree = tree; /* failsafe */
1906 while (cipher_suite_length > 0)
1908 proto_tree_add_item(cs_tree, hf_dtls_handshake_cipher_suite,
1909 tvb, offset, 2, ENC_BIG_ENDIAN);
1911 cipher_suite_length -= 2;
1915 /* tell the user how man compression methods there are */
1916 compression_methods_length = tvb_get_guint8(tvb, offset);
1917 proto_tree_add_uint(tree, hf_dtls_handshake_comp_methods_len,
1918 tvb, offset, 1, compression_methods_length);
1921 if (compression_methods_length > 0)
1923 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
1924 ti = proto_tree_add_none_format(tree,
1925 hf_dtls_handshake_comp_methods,
1926 tvb, offset, compression_methods_length,
1927 "Compression Methods (%u method%s)",
1928 compression_methods_length,
1929 plurality(compression_methods_length,
1932 /* make this a subtree */
1933 cs_tree = proto_item_add_subtree(ti, ett_dtls_comp_methods);
1936 cs_tree = tree; /* failsafe */
1939 while (compression_methods_length > 0)
1941 compression_method = tvb_get_guint8(tvb, offset);
1942 if (compression_method < 64)
1943 proto_tree_add_uint(cs_tree, hf_dtls_handshake_comp_method,
1944 tvb, offset, 1, compression_method);
1945 else if (compression_method > 63 && compression_method < 193)
1946 proto_tree_add_text(cs_tree, tvb, offset, 1,
1947 "Compression Method: Reserved - to be assigned by IANA (%u)",
1948 compression_method);
1950 proto_tree_add_text(cs_tree, tvb, offset, 1,
1951 "Compression Method: Private use range (%u)",
1952 compression_method);
1954 compression_methods_length--;
1958 if (length > offset - start_offset)
1960 dissect_dtls_hnd_hello_ext(tvb, tree, offset,
1962 (offset - start_offset));
1968 dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
1969 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1972 * ProtocolVersion server_version;
1974 * SessionID session_id;
1975 * CipherSuite cipher_suite;
1976 * CompressionMethod compression_method;
1977 * Extension server_hello_extension_list<0..2^16-1>;
1981 guint16 start_offset;
1983 start_offset = offset;
1987 /* show the server version */
1989 proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
1990 offset, 2, ENC_BIG_ENDIAN);
1993 /* first display the elements conveniently in
1994 * common with client hello
1996 offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 1);
1998 /* PAOLO: handle session cipher suite */
2000 /* store selected cipher suite for decryption */
2001 ssl->cipher = tvb_get_ntohs(tvb, offset);
2002 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
2003 ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
2007 ssl->state |= SSL_CIPHER;
2008 ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n",
2009 ssl->cipher, ssl->state);
2011 /* if we have restored a session now we can have enough material
2012 * to build session key, check it out*/
2014 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
2015 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
2016 ssl_debug_printf("dissect_dtls_hnd_srv_hello not enough data to generate key (required state %X)\n",
2017 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
2021 ssl_debug_printf("dissect_dtls_hnd_srv_hello trying to generate keys\n");
2022 if (ssl_generate_keyring_material(ssl)<0) {
2023 ssl_debug_printf("dissect_dtls_hnd_srv_hello can't generate keyring material\n");
2026 ssl->state |= SSL_HAVE_SESSION_KEY;
2030 /* store selected compression method for decompression */
2031 ssl->compression = tvb_get_guint8(tvb, offset+2);
2036 /* now the server-selected cipher suite */
2037 proto_tree_add_item(tree, hf_dtls_handshake_cipher_suite,
2038 tvb, offset, 2, ENC_BIG_ENDIAN);
2041 /* and the server-selected compression method */
2042 proto_tree_add_item(tree, hf_dtls_handshake_comp_method,
2043 tvb, offset, 1, ENC_BIG_ENDIAN);
2046 if (length > offset - start_offset)
2048 offset = dissect_dtls_hnd_hello_ext(tvb, tree, offset,
2050 (offset - start_offset));
2057 dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
2058 guint32 offset, SslDecryptSession* ssl)
2062 * ProtocolVersion server_version;
2063 * opaque cookie<0..32>;
2064 * } HelloVerifyRequest;
2067 guint8 cookie_length;
2072 /* show the client version */
2074 proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
2075 offset, 2, ENC_BIG_ENDIAN);
2079 /* look for a cookie */
2080 cookie_length = tvb_get_guint8(tvb, offset);
2084 proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
2085 tvb, offset, 1, cookie_length);
2086 offset ++; /* skip opaque length */
2088 if (cookie_length > 0)
2090 proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie,
2091 tvb, offset, cookie_length,
2092 NULL, "Cookie (%u byte%s)",
2094 plurality(cookie_length, "", "s"));
2095 offset += cookie_length;
2102 dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
2103 proto_tree *tree, guint32 offset, guint32 length)
2107 proto_tree *subtree;
2110 nst_len = tvb_get_ntohs(tvb, offset+4);
2111 if (6 + nst_len != length) {
2115 ti = proto_tree_add_text(tree, tvb, offset, 6+nst_len, "TLS Session Ticket");
2116 subtree = proto_item_add_subtree(ti, ett_dtls_new_ses_ticket);
2118 proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket_lifetime_hint,
2119 tvb, offset, 4, ENC_BIG_ENDIAN);
2122 proto_tree_add_uint(subtree, hf_dtls_handshake_session_ticket_len,
2123 tvb, offset, 2, nst_len);
2124 /* Content depends on implementation, so just show data! */
2125 proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket,
2126 tvb, offset + 2, nst_len, ENC_NA);
2130 dissect_dtls_hnd_cert(tvbuff_t *tvb,
2131 proto_tree *tree, guint32 offset, packet_info *pinfo)
2134 /* opaque ASN.1Cert<2^24-1>;
2137 * ASN.1Cert certificate_list<1..2^24-1>;
2141 guint32 certificate_list_length;
2143 proto_tree *subtree;
2144 asn1_ctx_t asn1_ctx;
2146 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2150 certificate_list_length = tvb_get_ntoh24(tvb, offset);
2151 proto_tree_add_uint(tree, hf_dtls_handshake_certificates_len,
2152 tvb, offset, 3, certificate_list_length);
2153 offset += 3; /* 24-bit length value */
2155 if (certificate_list_length > 0)
2157 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
2158 ti = proto_tree_add_none_format(tree,
2159 hf_dtls_handshake_certificates,
2160 tvb, offset, certificate_list_length,
2161 "Certificates (%u byte%s)",
2162 certificate_list_length,
2163 plurality(certificate_list_length,
2166 /* make it a subtree */
2167 subtree = proto_item_add_subtree(ti, ett_dtls_certs);
2170 subtree = tree; /* failsafe */
2173 /* iterate through each certificate */
2174 while (certificate_list_length > 0)
2176 /* get the length of the current certificate */
2177 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
2178 certificate_list_length -= 3 + cert_length;
2180 proto_tree_add_item(subtree, hf_dtls_handshake_certificate_len,
2181 tvb, offset, 3, ENC_BIG_ENDIAN);
2184 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_certificate);
2185 offset += cert_length;
2193 dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
2194 proto_tree *tree, guint32 offset, packet_info *pinfo,
2195 const guint *conv_version)
2199 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2201 * } ClientCertificateType;
2203 * opaque DistinguishedName<1..2^16-1>;
2206 * ClientCertificateType certificate_types<1..2^8-1>;
2207 * DistinguishedName certificate_authorities<3..2^16-1>;
2208 * } CertificateRequest;
2211 * As per TLSv1.2 (RFC 5246) the format has changed to:
2214 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2215 * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
2216 * fortezza_dms_RESERVED(20), (255)
2217 * } ClientCertificateType;
2220 * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
2224 * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
2225 * SignatureAlgorithm;
2228 * HashAlgorithm hash;
2229 * SignatureAlgorithm signature;
2230 * } SignatureAndHashAlgorithm;
2232 * SignatureAndHashAlgorithm
2233 * supported_signature_algorithms<2..2^16-2>;
2235 * opaque DistinguishedName<1..2^16-1>;
2238 * ClientCertificateType certificate_types<1..2^8-1>;
2239 * SignatureAndHashAlgorithm
2240 * supported_signature_algorithms<2^16-1>;
2241 * DistinguishedName certificate_authorities<0..2^16-1>;
2242 * } CertificateRequest;
2246 proto_tree *ti, *ti2;
2247 proto_tree *subtree;
2248 proto_tree *saved_subtree;
2249 guint8 cert_types_count;
2251 guint16 sig_hash_alg;
2253 asn1_ctx_t asn1_ctx;
2255 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2259 cert_types_count = tvb_get_guint8(tvb, offset);
2260 proto_tree_add_uint(tree, hf_dtls_handshake_cert_types_count,
2261 tvb, offset, 1, cert_types_count);
2264 if (cert_types_count > 0)
2266 ti = proto_tree_add_none_format(tree,
2267 hf_dtls_handshake_cert_types,
2268 tvb, offset, cert_types_count,
2269 "Certificate types (%u type%s)",
2271 plurality(cert_types_count, "", "s"));
2272 subtree = proto_item_add_subtree(ti, ett_dtls_cert_types);
2278 while (cert_types_count > 0)
2280 proto_tree_add_item(subtree, hf_dtls_handshake_cert_type,
2281 tvb, offset, 1, ENC_BIG_ENDIAN);
2287 switch (*conv_version) {
2288 case SSL_VER_DTLS1DOT2:
2289 sh_alg_length = tvb_get_ntohs(tvb, offset);
2290 ti2 = proto_tree_add_uint(tree, hf_dtls_handshake_sig_hash_alg_len,
2291 tvb, offset, 2, sh_alg_length);
2294 if (sh_alg_length > 0)
2296 ti = proto_tree_add_none_format(tree,
2297 hf_dtls_handshake_sig_hash_algs,
2298 tvb, offset, sh_alg_length,
2299 "Signature Hash Algorithms (%u algorithm%s)",
2301 plurality(sh_alg_length/2, "", "s"));
2302 subtree = proto_item_add_subtree(ti, ett_dtls_sig_hash_algs);
2308 if (sh_alg_length % 2) {
2309 expert_add_info_format_text(pinfo, ti2, &ei_dtls_handshake_sig_hash_alg_len_bad,
2310 "Signature Hash Algorithm length (%d) must be a multiple of 2",
2316 while (sh_alg_length > 0)
2318 saved_subtree = subtree;
2320 sig_hash_alg = tvb_get_ntohs(tvb, offset);
2321 ti = proto_tree_add_uint(subtree, hf_dtls_handshake_sig_hash_alg,
2322 tvb, offset, 2, sig_hash_alg);
2323 subtree = proto_item_add_subtree(ti, ett_dtls_sig_hash_alg);
2326 subtree = saved_subtree;
2329 proto_tree_add_item(subtree, hf_dtls_handshake_sig_hash_hash,
2330 tvb, offset, 1, ENC_BIG_ENDIAN);
2331 proto_tree_add_item(subtree, hf_dtls_handshake_sig_hash_sig,
2332 tvb, offset+1, 1, ENC_BIG_ENDIAN);
2334 subtree = saved_subtree;
2346 dnames_length = tvb_get_ntohs(tvb, offset);
2347 proto_tree_add_uint(tree, hf_dtls_handshake_dnames_len,
2348 tvb, offset, 2, dnames_length);
2351 if (dnames_length > 0)
2353 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
2354 ti = proto_tree_add_none_format(tree,
2355 hf_dtls_handshake_dnames,
2356 tvb, offset, dnames_length,
2357 "Distinguished Names (%d byte%s)",
2359 plurality(dnames_length, "", "s"));
2360 subtree = proto_item_add_subtree(ti, ett_dtls_dnames);
2366 while (dnames_length > 0)
2368 /* get the length of the current certificate */
2369 guint16 name_length;
2370 name_length = tvb_get_ntohs(tvb, offset);
2371 dnames_length -= 2 + name_length;
2373 proto_tree_add_item(subtree, hf_dtls_handshake_dname_len,
2374 tvb, offset, 2, ENC_BIG_ENDIAN);
2377 tvb_ensure_bytes_exist(tvb, offset, name_length);
2379 (void)dissect_x509if_DistinguishedName(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_dname);
2381 offset += name_length;
2390 dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
2391 guint32 offset, guint32 length)
2393 gint curve_type, curve_type_offset;
2394 gint named_curve, named_curve_offset;
2395 gint point_len, point_len_offset;
2396 gint sig_len, sig_len_offset;
2397 proto_item *ti_ecdh;
2398 proto_tree *ssl_ecdh_tree;
2399 guint32 orig_offset;
2401 orig_offset = offset;
2403 curve_type_offset = offset;
2404 curve_type = tvb_get_guint8(tvb, offset);
2405 if (curve_type != 3)
2406 return; /* only named_curves are supported */
2408 if ((offset - orig_offset) > length) {
2412 named_curve_offset = offset;
2413 named_curve = tvb_get_ntohs(tvb, offset);
2415 if ((offset - orig_offset) > length) {
2419 point_len_offset = offset;
2420 point_len = tvb_get_guint8(tvb, offset);
2421 if ((offset + point_len - orig_offset) > length) {
2424 offset += 1 + point_len;
2426 sig_len_offset = offset;
2427 sig_len = tvb_get_ntohs(tvb, offset);
2428 offset += 2 + sig_len;
2429 if ((offset - orig_offset) != length) {
2430 /* Lengths don't line up (wasn't what we expected?) */
2434 ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
2435 (offset - orig_offset), "EC Diffie-Hellman Server Params");
2436 ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
2439 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_curve_type,
2440 tvb, curve_type_offset, 1, curve_type);
2443 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_named_curve,
2444 tvb, named_curve_offset, 2, named_curve);
2447 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point_len,
2448 tvb, point_len_offset, 1, point_len);
2449 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point,
2450 tvb, point_len_offset+1, point_len, ENC_NA);
2453 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig_len,
2454 tvb, sig_len_offset, 2, sig_len);
2455 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig,
2456 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2461 dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
2462 guint32 offset, guint32 length)
2464 gint p_len, p_len_offset;
2465 gint g_len, g_len_offset;
2466 gint ys_len, ys_len_offset;
2467 gint sig_len, sig_len_offset;
2469 proto_tree *ssl_dh_tree;
2470 guint32 orig_offset;
2472 orig_offset = offset;
2474 p_len_offset = offset;
2475 p_len = tvb_get_ntohs(tvb, offset);
2476 offset += 2 + p_len;
2477 if ((offset - orig_offset) > length) {
2481 g_len_offset = offset;
2482 g_len = tvb_get_ntohs(tvb, offset);
2483 offset += 2 + g_len;
2484 if ((offset - orig_offset) > length) {
2488 ys_len_offset = offset;
2489 ys_len = tvb_get_ntohs(tvb, offset);
2490 offset += 2 + ys_len;
2491 if ((offset - orig_offset) > length) {
2495 sig_len_offset = offset;
2496 sig_len = tvb_get_ntohs(tvb, offset);
2497 offset += 2 + sig_len;
2498 if ((offset - orig_offset) != length) {
2499 /* Lengths don't line up (wasn't what we expected?) */
2503 ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
2504 (offset - orig_offset), "Diffie-Hellman Server Params");
2505 ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
2508 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_p_len,
2509 tvb, p_len_offset, 2, p_len);
2510 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_p,
2511 tvb, p_len_offset + 2, p_len, ENC_NA);
2514 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_g_len,
2515 tvb, g_len_offset, 2, g_len);
2516 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_g,
2517 tvb, g_len_offset + 2, g_len, ENC_NA);
2520 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys_len,
2521 tvb, ys_len_offset, 2, ys_len);
2522 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys,
2523 tvb, ys_len_offset + 2, ys_len, ENC_NA);
2526 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig_len,
2527 tvb, sig_len_offset, 2, sig_len);
2528 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig,
2529 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2533 /* Used in RSA PSK cipher suites */
2535 dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
2536 guint32 offset, guint32 length)
2538 gint modulus_len, modulus_len_offset;
2539 gint exponent_len, exponent_len_offset;
2540 gint sig_len, sig_len_offset;
2542 proto_tree *ssl_rsa_tree;
2543 guint32 orig_offset;
2545 orig_offset = offset;
2547 modulus_len_offset = offset;
2548 modulus_len = tvb_get_ntohs(tvb, offset);
2549 offset += 2 + modulus_len;
2550 if ((offset - orig_offset) > length) {
2554 exponent_len_offset = offset;
2555 exponent_len = tvb_get_ntohs(tvb, offset);
2556 offset += 2 + exponent_len;
2557 if ((offset - orig_offset) > length) {
2561 sig_len_offset = offset;
2562 sig_len = tvb_get_ntohs(tvb, offset);
2563 offset += 2 + sig_len;
2564 if ((offset - orig_offset) != length) {
2565 /* Lengths don't line up (wasn't what we expected?) */
2569 ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
2570 (offset - orig_offset), "RSA-EXPORT Server Params");
2571 ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
2574 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus_len,
2575 tvb, modulus_len_offset, 2, modulus_len);
2576 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus,
2577 tvb, modulus_len_offset + 2, modulus_len, ENC_NA);
2580 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent_len,
2581 tvb, exponent_len_offset, 2, exponent_len);
2582 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent,
2583 tvb, exponent_len_offset + 2, exponent_len, ENC_NA);
2586 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig_len,
2587 tvb, sig_len_offset, 2, sig_len);
2588 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig,
2589 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2593 /* Used in RSA PSK and PSK cipher suites */
2595 dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
2596 guint32 offset, guint32 length)
2600 proto_tree *ssl_psk_tree;
2602 hint_len = tvb_get_ntohs(tvb, offset);
2603 if ((2 + hint_len) != length) {
2604 /* Lengths don't line up (wasn't what we expected?) */
2608 ti_psk = proto_tree_add_text(tree, tvb, offset,
2609 length, "PSK Server Params");
2610 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2613 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint_len,
2614 tvb, offset, 2, hint_len);
2615 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint,
2616 tvb, offset + 2, hint_len, ENC_NA);
2620 dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
2621 guint32 offset, guint32 length)
2623 gint point_len, point_len_offset;
2624 proto_item *ti_ecdh;
2625 proto_tree *ssl_ecdh_tree;
2626 guint32 orig_offset;
2628 orig_offset = offset;
2630 point_len_offset = offset;
2631 point_len = tvb_get_guint8(tvb, offset);
2632 if ((offset + point_len - orig_offset) > length) {
2635 offset += 1 + point_len;
2637 ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
2638 (offset - orig_offset), "EC Diffie-Hellman Client Params");
2639 ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
2642 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point_len,
2643 tvb, point_len_offset, 1, point_len);
2644 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point,
2645 tvb, point_len_offset+1, point_len, ENC_NA);
2650 dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
2651 guint32 offset, guint32 length)
2653 gint yc_len, yc_len_offset;
2655 proto_tree *ssl_dh_tree;
2656 guint32 orig_offset;
2658 orig_offset = offset;
2660 yc_len_offset = offset;
2661 yc_len = tvb_get_ntohs(tvb, offset);
2662 offset += 2 + yc_len;
2663 if ((offset - orig_offset) != length) {
2667 ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
2668 (offset - orig_offset), "Diffie-Hellman Client Params");
2669 ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
2671 /* encrypted PreMaster secret */
2672 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc_len,
2673 tvb, yc_len_offset, 2, yc_len);
2674 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc,
2675 tvb, yc_len_offset + 2, yc_len, ENC_NA);
2679 dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
2680 guint32 offset, guint32 length)
2682 gint epms_len, epms_len_offset;
2684 proto_tree *ssl_rsa_tree;
2685 guint32 orig_offset;
2687 orig_offset = offset;
2689 epms_len_offset = offset;
2690 epms_len = tvb_get_ntohs(tvb, offset);
2691 offset += 2 + epms_len;
2692 if ((offset - orig_offset) != length) {
2696 ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
2697 (offset - orig_offset), "RSA Encrypted PreMaster Secret");
2698 ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
2701 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms_len,
2702 tvb, epms_len_offset, 2, epms_len);
2703 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms,
2704 tvb, epms_len_offset + 2, epms_len, ENC_NA);
2707 /* Used in PSK cipher suites */
2709 dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
2710 guint32 offset, guint32 length)
2714 proto_tree *ssl_psk_tree;
2716 identity_len = tvb_get_ntohs(tvb, offset);
2717 if ((2 + identity_len) != length) {
2718 /* Lengths don't line up (wasn't what we expected?) */
2722 ti_psk = proto_tree_add_text(tree, tvb, offset,
2723 length, "PSK Client Params");
2724 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2727 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
2728 tvb, offset, 2, identity_len);
2729 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
2730 tvb, offset + 2, identity_len, ENC_NA);
2733 /* Used in RSA PSK cipher suites */
2735 dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, proto_tree *tree,
2736 guint32 offset, guint32 length)
2738 gint identity_len, identity_len_offset;
2739 gint epms_len, epms_len_offset;
2741 proto_tree *ssl_psk_tree;
2742 guint32 orig_offset;
2744 orig_offset = offset;
2746 identity_len_offset = offset;
2747 identity_len = tvb_get_ntohs(tvb, offset);
2748 offset += 2 + identity_len;
2749 if ((offset - orig_offset) > length) {
2753 epms_len_offset = offset;
2754 epms_len = tvb_get_ntohs(tvb, offset);
2755 offset += 2 + epms_len;
2756 if ((offset - orig_offset) != length) {
2757 /* Lengths don't line up (wasn't what we expected?) */
2761 ti_psk = proto_tree_add_text(tree, tvb, orig_offset,
2762 (offset - orig_offset), "RSA PSK Client Params");
2763 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2766 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
2767 tvb, identity_len_offset, 2, identity_len);
2768 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
2769 tvb, identity_len_offset + 2, identity_len, ENC_NA);
2772 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms_len,
2773 tvb, epms_len_offset, 2, epms_len);
2774 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms,
2775 tvb, epms_len_offset + 2, epms_len, ENC_NA);
2779 dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
2780 guint* conv_version)
2784 * opaque verify_data[12];
2788 /* this all needs a tree, so bail if we don't have one */
2794 switch(*conv_version) {
2796 proto_tree_add_item(tree, hf_dtls_handshake_finished,
2797 tvb, offset, 12, ENC_NA);
2799 case SSL_VER_DTLS1DOT2:
2800 proto_tree_add_item(tree, hf_dtls_handshake_finished,
2801 tvb, offset, 12, ENC_NA);
2806 /*********************************************************************
2810 *********************************************************************/
2813 ssl_set_conv_version(packet_info *pinfo, guint version)
2815 conversation_t *conversation;
2817 if (pinfo->fd->flags.visited)
2819 /* We've already processed this frame; no need to do any more
2825 conversation = find_or_create_conversation(pinfo);
2827 if (conversation_get_proto_data(conversation, proto_dtls) != NULL)
2829 /* get rid of the current data */
2830 conversation_delete_proto_data(conversation, proto_dtls);
2832 conversation_add_proto_data(conversation, proto_dtls, GINT_TO_POINTER(version));
2837 dtls_is_valid_handshake_type(guint8 type)
2841 case SSL_HND_HELLO_REQUEST:
2842 case SSL_HND_CLIENT_HELLO:
2843 case SSL_HND_SERVER_HELLO:
2844 case SSL_HND_HELLO_VERIFY_REQUEST:
2845 case SSL_HND_NEWSESSION_TICKET:
2846 case SSL_HND_CERTIFICATE:
2847 case SSL_HND_SERVER_KEY_EXCHG:
2848 case SSL_HND_CERT_REQUEST:
2849 case SSL_HND_SVR_HELLO_DONE:
2850 case SSL_HND_CERT_VERIFY:
2851 case SSL_HND_CLIENT_KEY_EXCHG:
2852 case SSL_HND_FINISHED:
2859 dtls_is_authoritative_version_message(guint8 content_type, guint8 next_byte)
2861 if (content_type == SSL_ID_HANDSHAKE
2862 && dtls_is_valid_handshake_type(next_byte))
2864 return (next_byte != SSL_HND_CLIENT_HELLO);
2866 else if (ssl_is_valid_content_type(content_type)
2867 && content_type != SSL_ID_HANDSHAKE)
2874 /* this applies a heuristic to determine whether
2875 * or not the data beginning at offset looks like a
2876 * valid dtls record.
2879 looks_like_dtls(tvbuff_t *tvb, guint32 offset)
2881 /* have to have a valid content type followed by a valid
2887 /* see if the first byte is a valid content type */
2888 byte = tvb_get_guint8(tvb, offset);
2889 if (!ssl_is_valid_content_type(byte))
2894 /* now check to see if the version byte appears valid */
2895 version = tvb_get_ntohs(tvb, offset + 1);
2896 if (version != DTLSV1DOT0_VERSION && version != DTLSV1DOT2_VERSION &&
2897 version != DTLSV1DOT0_VERSION_NOT)
2907 #ifdef HAVE_LIBGNUTLS
2909 dtlsdecrypt_free_cb(void* r)
2911 ssldecrypt_assoc_t* h = (ssldecrypt_assoc_t*)r;
2915 g_free(h->protocol);
2917 g_free(h->password);
2923 dtlsdecrypt_update_cb(void* r _U_, const char** err _U_)
2929 #ifdef HAVE_LIBGNUTLS
2931 dtlsdecrypt_copy_cb(void* dest, const void* orig, size_t len _U_)
2933 const ssldecrypt_assoc_t* o = (const ssldecrypt_assoc_t*)orig;
2934 ssldecrypt_assoc_t* d = (ssldecrypt_assoc_t*)dest;
2936 d->ipaddr = g_strdup(o->ipaddr);
2937 d->port = g_strdup(o->port);
2938 d->protocol = g_strdup(o->protocol);
2939 d->keyfile = g_strdup(o->keyfile);
2940 d->password = g_strdup(o->password);
2945 UAT_CSTRING_CB_DEF(sslkeylist_uats,ipaddr,ssldecrypt_assoc_t)
2946 UAT_CSTRING_CB_DEF(sslkeylist_uats,port,ssldecrypt_assoc_t)
2947 UAT_CSTRING_CB_DEF(sslkeylist_uats,protocol,ssldecrypt_assoc_t)
2948 UAT_FILENAME_CB_DEF(sslkeylist_uats,keyfile,ssldecrypt_assoc_t)
2949 UAT_CSTRING_CB_DEF(sslkeylist_uats,password,ssldecrypt_assoc_t)
2952 void proto_reg_handoff_dtls(void);
2954 /*********************************************************************
2956 * Standard Wireshark Protocol Registration and housekeeping
2958 *********************************************************************/
2960 proto_register_dtls(void)
2963 /* Setup list of header fields See Section 1.6.1 for details*/
2964 static hf_register_info hf[] = {
2966 { "Record Layer", "dtls.record",
2967 FT_NONE, BASE_NONE, NULL, 0x0,
2970 { &hf_dtls_record_content_type,
2971 { "Content Type", "dtls.record.content_type",
2972 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2975 { &hf_dtls_record_version,
2976 { "Version", "dtls.record.version",
2977 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2978 "Record layer version.", HFILL }
2980 { &hf_dtls_record_epoch,
2981 { "Epoch", "dtls.record.epoch",
2982 FT_UINT16, BASE_DEC, NULL, 0x0,
2985 { &hf_dtls_record_sequence_number,
2986 { "Sequence Number", "dtls.record.sequence_number",
2987 FT_DOUBLE, BASE_NONE, NULL, 0x0,
2990 { &hf_dtls_record_length,
2991 { "Length", "dtls.record.length",
2992 FT_UINT16, BASE_DEC, NULL, 0x0,
2993 "Length of DTLS record data", HFILL }
2995 { &hf_dtls_record_appdata,
2996 { "Encrypted Application Data", "dtls.app_data",
2997 FT_BYTES, BASE_NONE, NULL, 0x0,
2998 "Payload is encrypted application data", HFILL }
3000 { &hf_dtls_change_cipher_spec,
3001 { "Change Cipher Spec Message", "dtls.change_cipher_spec",
3002 FT_NONE, BASE_NONE, NULL, 0x0,
3003 "Signals a change in cipher specifications", HFILL }
3005 { & hf_dtls_alert_message,
3006 { "Alert Message", "dtls.alert_message",
3007 FT_NONE, BASE_NONE, NULL, 0x0,
3010 { & hf_dtls_alert_message_level,
3011 { "Level", "dtls.alert_message.level",
3012 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3013 "Alert message level", HFILL }
3015 { &hf_dtls_alert_message_description,
3016 { "Description", "dtls.alert_message.desc",
3017 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3018 "Alert message description", HFILL }
3020 { &hf_dtls_handshake_protocol,
3021 { "Handshake Protocol", "dtls.handshake",
3022 FT_NONE, BASE_NONE, NULL, 0x0,
3023 "Handshake protocol message", HFILL}
3025 { &hf_dtls_handshake_type,
3026 { "Handshake Type", "dtls.handshake.type",
3027 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3028 "Type of handshake message", HFILL}
3030 { &hf_dtls_handshake_length,
3031 { "Length", "dtls.handshake.length",
3032 FT_UINT24, BASE_DEC, NULL, 0x0,
3033 "Length of handshake message", HFILL }
3035 { &hf_dtls_handshake_message_seq,
3036 { "Message Sequence", "dtls.handshake.message_seq",
3037 FT_UINT16, BASE_DEC, NULL, 0x0,
3038 "Message sequence of handshake message", HFILL }
3040 { &hf_dtls_handshake_fragment_offset,
3041 { "Fragment Offset", "dtls.handshake.fragment_offset",
3042 FT_UINT24, BASE_DEC, NULL, 0x0,
3043 "Fragment offset of handshake message", HFILL }
3045 { &hf_dtls_handshake_fragment_length,
3046 { "Fragment Length", "dtls.handshake.fragment_length",
3047 FT_UINT24, BASE_DEC, NULL, 0x0,
3048 "Fragment length of handshake message", HFILL }
3050 { &hf_dtls_handshake_client_version,
3051 { "Version", "dtls.handshake.client_version",
3052 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3053 "Maximum version supported by client", HFILL }
3055 { &hf_dtls_handshake_server_version,
3056 { "Version", "dtls.handshake.server_version",
3057 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3058 "Version selected by server", HFILL }
3060 { &hf_dtls_handshake_random_time,
3061 { "GMT Unix Time", "dtls.handshake.random_time",
3062 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
3063 "Unix time field of random structure", HFILL }
3065 { &hf_dtls_handshake_random_bytes,
3066 { "Random Bytes", "dtls.handshake.random",
3067 FT_BYTES, BASE_NONE, NULL, 0x0,
3068 "Random challenge used to authenticate server", HFILL }
3070 { &hf_dtls_handshake_cipher_suites_len,
3071 { "Cipher Suites Length", "dtls.handshake.cipher_suites_length",
3072 FT_UINT16, BASE_DEC, NULL, 0x0,
3073 "Length of cipher suites field", HFILL }
3075 { &hf_dtls_handshake_cipher_suites,
3076 { "Cipher Suites", "dtls.handshake.ciphersuites",
3077 FT_NONE, BASE_NONE, NULL, 0x0,
3078 "List of cipher suites supported by client", HFILL }
3080 { &hf_dtls_handshake_cipher_suite,
3081 { "Cipher Suite", "dtls.handshake.ciphersuite",
3082 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0,
3085 { &hf_dtls_handshake_cookie_len,
3086 { "Cookie Length", "dtls.handshake.cookie_length",
3087 FT_UINT8, BASE_DEC, NULL, 0x0,
3088 "Length of the cookie field", HFILL }
3090 { &hf_dtls_handshake_cookie,
3091 { "Cookie", "dtls.handshake.cookie",
3092 FT_BYTES, BASE_NONE, NULL, 0x0,
3095 { &hf_dtls_handshake_session_id,
3096 { "Session ID", "dtls.handshake.session_id",
3097 FT_BYTES, BASE_NONE, NULL, 0x0,
3098 "Identifies the DTLS session, allowing later resumption", HFILL }
3100 { &hf_dtls_handshake_comp_methods_len,
3101 { "Compression Methods Length", "dtls.handshake.comp_methods_length",
3102 FT_UINT8, BASE_DEC, NULL, 0x0,
3103 "Length of compression methods field", HFILL }
3105 { &hf_dtls_handshake_comp_methods,
3106 { "Compression Methods", "dtls.handshake.comp_methods",
3107 FT_NONE, BASE_NONE, NULL, 0x0,
3108 "List of compression methods supported by client", HFILL }
3110 { &hf_dtls_handshake_comp_method,
3111 { "Compression Method", "dtls.handshake.comp_method",
3112 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
3115 { &hf_dtls_handshake_extensions_len,
3116 { "Extensions Length", "dtls.handshake.extensions_length",
3117 FT_UINT16, BASE_DEC, NULL, 0x0,
3118 "Length of hello extensions", HFILL }
3120 { &hf_dtls_handshake_extension_type,
3121 { "Type", "dtls.handshake.extension.type",
3122 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
3123 "Hello extension type", HFILL }
3125 { &hf_dtls_handshake_extension_len,
3126 { "Length", "dtls.handshake.extension.len",
3127 FT_UINT16, BASE_DEC, NULL, 0x0,
3128 "Length of a hello extension", HFILL }
3130 { &hf_dtls_handshake_extension_data,
3131 { "Data", "dtls.handshake.extension.data",
3132 FT_BYTES, BASE_NONE, NULL, 0x0,
3133 "Hello Extension data", HFILL }
3135 { &hf_dtls_handshake_session_ticket_lifetime_hint,
3136 { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint",
3137 FT_UINT32, BASE_DEC, NULL, 0x0,
3138 "New DTLS Session Ticket Lifetime Hint", HFILL }
3140 { &hf_dtls_handshake_session_ticket_len,
3141 { "Session Ticket Length", "dtls.handshake.session_ticket_length",
3142 FT_UINT16, BASE_DEC, NULL, 0x0,
3143 "New DTLS Session Ticket Length", HFILL }
3145 { &hf_dtls_handshake_session_ticket,
3146 { "Session Ticket", "dtls.handshake.session_ticket",
3147 FT_BYTES, BASE_NONE, NULL, 0x0,
3148 "New DTLS Session Ticket", HFILL }
3150 { &hf_dtls_handshake_certificates_len,
3151 { "Certificates Length", "dtls.handshake.certificates_length",
3152 FT_UINT24, BASE_DEC, NULL, 0x0,
3153 "Length of certificates field", HFILL }
3155 { &hf_dtls_handshake_certificates,
3156 { "Certificates", "dtls.handshake.certificates",
3157 FT_NONE, BASE_NONE, NULL, 0x0,
3158 "List of certificates", HFILL }
3160 { &hf_dtls_handshake_certificate,
3161 { "Certificate", "dtls.handshake.certificate",
3162 FT_BYTES, BASE_NONE, NULL, 0x0,
3165 { &hf_dtls_handshake_certificate_len,
3166 { "Certificate Length", "dtls.handshake.certificate_length",
3167 FT_UINT24, BASE_DEC, NULL, 0x0,
3168 "Length of certificate", HFILL }
3170 { &hf_dtls_handshake_cert_types_count,
3171 { "Certificate types count", "dtls.handshake.cert_types_count",
3172 FT_UINT8, BASE_DEC, NULL, 0x0,
3173 "Count of certificate types", HFILL }
3175 { &hf_dtls_handshake_cert_types,
3176 { "Certificate types", "dtls.handshake.cert_types",
3177 FT_NONE, BASE_NONE, NULL, 0x0,
3178 "List of certificate types", HFILL }
3180 { &hf_dtls_handshake_cert_type,
3181 { "Certificate type", "dtls.handshake.cert_type",
3182 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
3185 { &hf_dtls_handshake_server_keyex_p_len,
3186 { "p Length", "dtls.handshake.p_len",
3187 FT_UINT16, BASE_DEC, NULL, 0x0,
3188 "Length of p", HFILL }
3190 { &hf_dtls_handshake_server_keyex_g_len,
3191 { "g Length", "dtls.handshake.g_len",
3192 FT_UINT16, BASE_DEC, NULL, 0x0,
3193 "Length of g", HFILL }
3195 { &hf_dtls_handshake_server_keyex_ys_len,
3196 { "Pubkey Length", "dtls.handshake.ys_len",
3197 FT_UINT16, BASE_DEC, NULL, 0x0,
3198 "Length of server's Diffie-Hellman public key", HFILL }
3200 { &hf_dtls_handshake_client_keyex_yc_len,
3201 { "Pubkey Length", "dtls.handshake.yc_len",
3202 FT_UINT16, BASE_DEC, NULL, 0x0,
3203 "Length of client's Diffie-Hellman public key", HFILL }
3205 { &hf_dtls_handshake_client_keyex_point_len,
3206 { "Pubkey Length", "dtls.handshake.client_point_len",
3207 FT_UINT8, BASE_DEC, NULL, 0x0,
3208 "Length of client's EC Diffie-Hellman public key", HFILL }
3210 { &hf_dtls_handshake_server_keyex_point_len,
3211 { "Pubkey Length", "dtls.handshake.server_point_len",
3212 FT_UINT8, BASE_DEC, NULL, 0x0,
3213 "Length of server's EC Diffie-Hellman public key", HFILL }
3215 { &hf_dtls_handshake_client_keyex_epms_len,
3216 { "Encrypted PreMaster length", "dtls.handshake.epms_len",
3217 FT_UINT16, BASE_DEC, NULL, 0x0,
3218 "Length of encrypted PreMaster secret", HFILL }
3220 { &hf_dtls_handshake_client_keyex_epms,
3221 { "Encrypted PreMaster", "dtls.handshake.epms",
3222 FT_BYTES, BASE_NONE, NULL, 0x0,
3223 "Encrypted PreMaster secret", HFILL }
3225 { &hf_dtls_handshake_server_keyex_modulus_len,
3226 { "Modulus Length", "dtls.handshake.modulus_len",
3227 FT_UINT16, BASE_DEC, NULL, 0x0,
3228 "Length of RSA-EXPORT modulus", HFILL }
3230 { &hf_dtls_handshake_server_keyex_exponent_len,
3231 { "Exponent Length", "dtls.handshake.exponent_len",
3232 FT_UINT16, BASE_DEC, NULL, 0x0,
3233 "Length of RSA-EXPORT exponent", HFILL }
3235 { &hf_dtls_handshake_server_keyex_sig_len,
3236 { "Signature Length", "dtls.handshake.sig_len",
3237 FT_UINT16, BASE_DEC, NULL, 0x0,
3238 "Length of Signature", HFILL }
3240 { &hf_dtls_handshake_server_keyex_p,
3241 { "p", "dtls.handshake.p",
3242 FT_BYTES, BASE_NONE, NULL, 0x0,
3243 "Diffie-Hellman p", HFILL }
3245 { &hf_dtls_handshake_server_keyex_g,
3246 { "g", "dtls.handshake.g",
3247 FT_BYTES, BASE_NONE, NULL, 0x0,
3248 "Diffie-Hellman g", HFILL }
3250 { &hf_dtls_handshake_server_keyex_curve_type,
3251 { "Curve Type", "dtls.handshake.server_curve_type",
3252 FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0,
3253 "Server curve_type", HFILL }
3255 { &hf_dtls_handshake_server_keyex_named_curve,
3256 { "Named Curve", "dtls.handshake.server_named_curve",
3257 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0,
3258 "Server named_curve", HFILL }
3260 { &hf_dtls_handshake_server_keyex_ys,
3261 { "Pubkey", "dtls.handshake.ys",
3262 FT_BYTES, BASE_NONE, NULL, 0x0,
3263 "Diffie-Hellman server pubkey", HFILL }
3265 { &hf_dtls_handshake_client_keyex_yc,
3266 { "Pubkey", "dtls.handshake.yc",
3267 FT_BYTES, BASE_NONE, NULL, 0x0,
3268 "Diffie-Hellman client pubkey", HFILL }
3270 { &hf_dtls_handshake_server_keyex_point,
3271 { "Pubkey", "dtls.handshake.server_point",
3272 FT_BYTES, BASE_NONE, NULL, 0x0,
3273 "EC Diffie-Hellman server pubkey", HFILL }
3275 { &hf_dtls_handshake_client_keyex_point,
3276 { "Pubkey", "dtls.handshake.client_point",
3277 FT_BYTES, BASE_NONE, NULL, 0x0,
3278 "EC Diffie-Hellman client pubkey", HFILL }
3280 { &hf_dtls_handshake_server_keyex_modulus,
3281 { "Modulus", "dtls.handshake.modulus",
3282 FT_BYTES, BASE_NONE, NULL, 0x0,
3283 "RSA-EXPORT modulus", HFILL }
3285 { &hf_dtls_handshake_server_keyex_exponent,
3286 { "Exponent", "dtls.handshake.exponent",
3287 FT_BYTES, BASE_NONE, NULL, 0x0,
3288 "RSA-EXPORT exponent", HFILL }
3290 { &hf_dtls_handshake_server_keyex_sig,
3291 { "Signature", "dtls.handshake.sig",
3292 FT_BYTES, BASE_NONE, NULL, 0x0,
3293 "Diffie-Hellman server signature", HFILL }
3295 { &hf_dtls_handshake_server_keyex_hint_len,
3296 { "Hint Length", "dtls.handshake.hint_len",
3297 FT_UINT16, BASE_DEC, NULL, 0x0,
3298 "Length of PSK Hint", HFILL }
3300 { &hf_dtls_handshake_server_keyex_hint,
3301 { "Hint", "dtls.handshake.hint",
3302 FT_BYTES, BASE_NONE, NULL, 0x0,
3305 { &hf_dtls_handshake_client_keyex_identity_len,
3306 { "Identity Length", "dtls.handshake.identity_len",
3307 FT_UINT16, BASE_DEC, NULL, 0x0,
3308 "Length of PSK Identity", HFILL }
3310 { &hf_dtls_handshake_client_keyex_identity,
3311 { "Identity", "dtls.handshake.identity",
3312 FT_BYTES, BASE_NONE, NULL, 0x0,
3313 "PSK Identity", HFILL }
3315 { &hf_dtls_handshake_sig_hash_alg_len,
3316 { "Signature Hash Algorithms Length", "dtls.handshake.sig_hash_alg_len",
3317 FT_UINT16, BASE_DEC, NULL, 0x0,
3318 "Length of Signature Hash Algorithms", HFILL }
3320 { &hf_dtls_handshake_sig_hash_algs,
3321 { "Signature Hash Algorithms", "dtls.handshake.sig_hash_algs",
3322 FT_NONE, BASE_NONE, NULL, 0x0,
3323 "List of Signature Hash Algorithms", HFILL }
3325 { &hf_dtls_handshake_sig_hash_alg,
3326 { "Signature Hash Algorithm", "dtls.handshake.sig_hash_alg",
3327 FT_UINT16, BASE_HEX, NULL, 0x0,
3330 { &hf_dtls_handshake_sig_hash_hash,
3331 { "Signature Hash Algorithm Hash", "dtls.handshake.sig_hash_hash",
3332 FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0,
3335 { &hf_dtls_handshake_sig_hash_sig,
3336 { "Signature Hash Algorithm Signature", "dtls.handshake.sig_hash_sig",
3337 FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0,
3340 { &hf_dtls_handshake_finished,
3341 { "Verify Data", "dtls.handshake.verify_data",
3342 FT_NONE, BASE_NONE, NULL, 0x0,
3343 "Opaque verification data", HFILL }
3346 { &hf_dtls_handshake_md5_hash,
3347 { "MD5 Hash", "dtls.handshake.md5_hash",
3348 FT_NONE, BASE_NONE, NULL, 0x0,
3349 "Hash of messages, master_secret, etc.", HFILL }
3351 { &hf_dtls_handshake_sha_hash,
3352 { "SHA-1 Hash", "dtls.handshake.sha_hash",
3353 FT_NONE, BASE_NONE, NULL, 0x0,
3354 "Hash of messages, master_secret, etc.", HFILL }
3357 { &hf_dtls_handshake_session_id_len,
3358 { "Session ID Length", "dtls.handshake.session_id_length",
3359 FT_UINT8, BASE_DEC, NULL, 0x0,
3360 "Length of session ID field", HFILL }
3362 { &hf_dtls_handshake_dnames_len,
3363 { "Distinguished Names Length", "dtls.handshake.dnames_len",
3364 FT_UINT16, BASE_DEC, NULL, 0x0,
3365 "Length of list of CAs that server trusts", HFILL }
3367 { &hf_dtls_handshake_dnames,
3368 { "Distinguished Names", "dtls.handshake.dnames",
3369 FT_NONE, BASE_NONE, NULL, 0x0,
3370 "List of CAs that server trusts", HFILL }
3372 { &hf_dtls_handshake_dname_len,
3373 { "Distinguished Name Length", "dtls.handshake.dname_len",
3374 FT_UINT16, BASE_DEC, NULL, 0x0,
3375 "Length of distinguished name", HFILL }
3377 { &hf_dtls_handshake_dname,
3378 { "Distinguished Name", "dtls.handshake.dname",
3379 FT_BYTES, BASE_NONE, NULL, 0x0,
3380 "Distinguished name of a CA that server trusts", HFILL }
3382 { &hf_dtls_heartbeat_extension_mode,
3383 { "Mode", "dtls.handshake.extension.heartbeat.mode",
3384 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0,
3385 "Heartbeat extension mode", HFILL }
3387 { &hf_dtls_heartbeat_message,
3388 { "Heartbeat Message", "dtls.heartbeat_message",
3389 FT_NONE, BASE_NONE, NULL, 0x0,
3392 { &hf_dtls_heartbeat_message_type,
3393 { "Type", "dtls.heartbeat_message.type",
3394 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_type), 0x0,
3395 "Heartbeat message type", HFILL }
3397 { &hf_dtls_heartbeat_message_payload_length,
3398 { "Payload Length", "dtls.heartbeat_message.payload_length",
3399 FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }
3401 { &hf_dtls_heartbeat_message_payload,
3402 { "Payload Length", "dtls.heartbeat_message.payload",
3403 FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
3405 { &hf_dtls_heartbeat_message_padding,
3406 { "Payload Length", "dtls.heartbeat_message.padding",
3407 FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
3409 { &hf_dtls_fragments,
3410 { "Message fragments", "dtls.fragments",
3411 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL }
3413 { &hf_dtls_fragment,
3414 { "Message fragment", "dtls.fragment",
3415 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3417 { &hf_dtls_fragment_overlap,
3418 { "Message fragment overlap", "dtls.fragment.overlap",
3419 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3421 { &hf_dtls_fragment_overlap_conflicts,
3422 { "Message fragment overlapping with conflicting data",
3423 "dtls.fragment.overlap.conflicts",
3424 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3426 { &hf_dtls_fragment_multiple_tails,
3427 { "Message has multiple tail fragments",
3428 "dtls.fragment.multiple_tails",
3429 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3431 { &hf_dtls_fragment_too_long_fragment,
3432 { "Message fragment too long", "dtls.fragment.too_long_fragment",
3433 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3435 { &hf_dtls_fragment_error,
3436 { "Message defragmentation error", "dtls.fragment.error",
3437 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3439 { &hf_dtls_fragment_count,
3440 { "Message fragment count", "dtls.fragment.count",
3441 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
3443 { &hf_dtls_reassembled_in,
3444 { "Reassembled in", "dtls.reassembled.in",
3445 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3447 { &hf_dtls_reassembled_length,
3448 { "Reassembled DTLS length", "dtls.reassembled.length",
3449 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
3453 /* Setup protocol subtree array */
3454 static gint *ett[] = {
3458 &ett_dtls_handshake,
3459 &ett_dtls_heartbeat,
3460 &ett_dtls_cipher_suites,
3461 &ett_dtls_comp_methods,
3462 &ett_dtls_extension,
3464 &ett_dtls_new_ses_ticket,
3465 &ett_dtls_keyex_params,
3467 &ett_dtls_cert_types,
3468 &ett_dtls_sig_hash_algs,
3469 &ett_dtls_sig_hash_alg,
3472 &ett_dtls_fragments,
3475 static ei_register_info ei[] = {
3476 { &ei_dtls_handshake_fragment_length_too_long, { "dtls.handshake.fragment_length.too_long", PI_PROTOCOL, PI_ERROR, "Fragment length is larger than message length", EXPFILL }},
3477 { &ei_dtls_handshake_fragment_past_end_msg, { "dtls.handshake.fragment_past_end_msg", PI_PROTOCOL, PI_ERROR, "Fragment runs past the end of the message", EXPFILL }},
3478 { &ei_dtls_msg_len_diff_fragment, { "dtls.msg_len_diff_fragment", PI_PROTOCOL, PI_ERROR, "Message length differs from value in earlier fragment", EXPFILL }},
3479 { &ei_dtls_handshake_sig_hash_alg_len_bad, { "dtls.handshake.sig_hash_alg_len.bad", PI_MALFORMED, PI_ERROR, "Signature Hash Algorithm length must be a multiple of 2", EXPFILL }},
3482 expert_module_t* expert_dtls;
3484 /* Register the protocol name and description */
3485 proto_dtls = proto_register_protocol("Datagram Transport Layer Security",
3488 /* Required function calls to register the header fields and
3490 proto_register_field_array(proto_dtls, hf, array_length(hf));
3491 proto_register_subtree_array(ett, array_length(ett));
3492 expert_dtls = expert_register_protocol(proto_dtls);
3493 expert_register_field_array(expert_dtls, ei, array_length(ei));
3495 #ifdef HAVE_LIBGNUTLS
3497 module_t *dtls_module = prefs_register_protocol(proto_dtls, proto_reg_handoff_dtls);
3499 static uat_field_t dtlskeylist_uats_flds[] = {
3500 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, ipaddr, "IP address", ssldecrypt_uat_fld_ip_chk_cb, "IPv4 or IPv6 address"),
3501 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, port, "Port", ssldecrypt_uat_fld_port_chk_cb, "Port Number"),
3502 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, protocol, "Protocol", ssldecrypt_uat_fld_protocol_chk_cb, "Protocol"),
3503 UAT_FLD_FILENAME_OTHER(sslkeylist_uats, keyfile, "Key File", ssldecrypt_uat_fld_fileopen_chk_cb, "Path to the keyfile."),
3504 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, password," Password (p12 file)", ssldecrypt_uat_fld_password_chk_cb, "Password"),
3508 dtlsdecrypt_uat = uat_new("DTLS RSA Keylist",
3509 sizeof(ssldecrypt_assoc_t),
3510 "dtlsdecrypttablefile", /* filename */
3511 TRUE, /* from_profile */
3512 (void**) &dtlskeylist_uats, /* data_ptr */
3513 &ndtlsdecrypt, /* numitems_ptr */
3514 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
3515 "ChK12ProtocolsSection", /* TODO, need revision - help */
3516 dtlsdecrypt_copy_cb,
3517 NULL, /* dtlsdecrypt_update_cb? */
3518 dtlsdecrypt_free_cb,
3520 dtlskeylist_uats_flds);
3522 prefs_register_uat_preference(dtls_module, "cfg",
3524 "A table of RSA keys for DTLS decryption",
3527 prefs_register_filename_preference(dtls_module, "debug_file", "DTLS debug file",
3528 "redirect dtls debug to file name; leave empty to disable debug, "
3529 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
3530 &dtls_debug_file_name);
3532 prefs_register_string_preference(dtls_module, "keys_list", "RSA keys list (deprecated)",
3533 "Semicolon-separated list of private RSA keys used for DTLS decryption. "
3534 "Used by versions of Wireshark prior to 1.6",
3540 register_dissector("dtls", dissect_dtls, proto_dtls);
3541 dtls_handle = find_dissector("dtls");
3543 dtls_associations = g_tree_new(ssl_association_cmp);
3545 register_init_routine(dtls_init);
3547 dtls_tap = register_tap("dtls");
3548 ssl_debug_printf("proto_register_dtls: registered tap %s:%d\n",
3551 register_heur_dissector_list("dtls", &heur_subdissector_list);
3555 /* If this dissector uses sub-dissector registration add a registration
3556 * routine. This format is required because a script is used to find
3557 * these routines and create the code that calls these routines.
3560 proto_reg_handoff_dtls(void)
3562 static gboolean initialized = FALSE;
3564 /* add now dissector to default ports.*/
3566 dtls_parse_old_keys();
3568 if (initialized == FALSE) {
3569 heur_dissector_add("udp", dissect_dtls_heur, proto_dtls);
3570 dissector_add_uint("sctp.ppi", DIAMETER_DTLS_PROTOCOL_ID, find_dissector("dtls"));